Men in Black

Secret Service agents warn NACStech retailers about hackers

NASHVILLE, Tenn. -- Complete with dark suits, Ray Bans and American flag pins on their lapels, two U.S. Secret Service agents warned retailers attending the NACStech 2005 conference in Nashville of the impending and persistent nature of the nation's computer hacking problem, detailing ways criminals can access credit card data and employee information with the intent to perpetuate fraud.

Approximately 75 retailers present at the morning educational session heard agents Mark Sletto and Lee Eaves define scamming techniques and give advice on what to do [image-nocss] to avoid becoming a victim. One of the ways criminals can get a hold of data was what Sletto called phishing, which is basically sending an e-mail that, under false pretense, asks for information like passwords or credit card numbers.

Another way criminals can get into business computers is through what Sletto called trojans, which are unseen programs snuck into a computer network when employees download files such as humorous videos. You need to know what your employees are doing, he advised.

Sometimes businesses need to examine their own operational setup. For instance, businesses providing customers with wireless access may fail to separate their own company files from the WiFi service, allowing an open access for criminals.

Broadening the scope of exactly who may perpetuate these crimes, Sletto then asked retailers not to preclude their own employees. Cashiers with the ability to rig point-of-sale (POS) registers and quick-service restaurant (QSR) employees who handle credit cards can use magnetic-strip devices to obtain credit card informationdata that they sell for as little as a dollar a number. He emphasized the importance of background checks and creating secure areas for a sensitive information, inclusive of locks, security cameras and logs that detail which employees entered the area and when.

Sletto also advised retailers to focus not only on credit card files, but employee records. He said application forms have a lot of information about individuals, including date of birth and social security numbers.

These bad guys recruit people to go in and steal that information, he warned.

Toni Marston of J & S Oil, Manchester, Maine, found that to be a revelation. We've focused on securing credit card information, but I'm going to take a second look at [how we secure] our human resources [files].

Fran Duskiewicz, Nice N Easy Grocery Shoppes, Canastota, N.Y., said two years ago, hackers shut their system down. You can never come up with enough protection.

Sletto advised retailers to have a plan that will not only tighten security, but also address what needs to happen in the event a hacker does get into a company's computers. He asked the room of retailers if they had their logs turned on, meaning, has the company invested in the electronic storage that will allow computers to track and store information about emails that go in and out? He says that kind of detail helps him investigate a security breach.

Finally, Sletto emphasized the prevalence of the problem. You haven't heard much about it because businesses don't like to let people know they've been hacked, he said. But know that people are being hacked left and right.

Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.


More from our partners