As Hackers Hit Customers, Retailers Keep Quiet About Security

As the holiday buying season approaches, retailers remain open to the same attack called a "point of sale" attack that hit Target and Home Depot, security experts say. Those analysts say that retailers have their fingers crossed, hoping they're not next.

And leading companies are keeping very tight-lipped about what, if anything, they're doing to protect customers.

Is This Store Hackerproof?

It's easy to spot a scratched face on a watch. It's much harder to tell if the checkout machine that you swipe to pay for that watch is defective.

But Davi Ottenheimer knows how. He's a security researcher at EMC, a Hopkinton, Mass.-based data storage company. He's been auditing retail for a decade. And we're looking at how "hackerproof" stores are this holiday shopping season.

We walk into a Rolex Store in San Francisco, and the diamond-studded watches don't catch Ottenheimer's eye. A tablet that's sitting by the counter, with a little square card reader plugged in, does.

"They're not even looking at us," he says as a sales representative walks away. "We could replace the card reader with our own card reader. I have several of those at home."

Never mind that an armed guard is patrolling the door. This store is ripe for a microscale cyberattack. Sure, it would just get a few dozen customers. But, Ottenheimer says, "they spend a lot of money, so if I want to get high-value cards, this would be a place where I could get them."

Rolex and Tourneau, the company managing the store, did not respond to NPR's request for comment about on-site security.

Over at Macy's, Ottenheimer wanders over to an empty corner and stares at a lonely register. He points to a little green icon that's blinking on the hard drive. "It has a network light on the front," he says.

Follow this link:
As Hackers Hit Customers, Retailers Keep Quiet About Security