Credit card skimmer hits DVC at WDW

"Roger" said:
news came up in my search for these topics for training I have to teach at work
What would you have to be training people at work on that would require research into Credit Card skimming scams. ; Also, would you like to share your presentation on that financial nuisance with the group ;)

I have always tried to check every gas pump I've ever used for one, but honestly, I doubt I'd recognize one if it was there. ; The only time I've had my credit card number stolen was from a taxi driver between Disney's Grand Californian and Santa Ana Airport (aka John Wayne)
After reading that article I must say that I was surprised that the computers used by the day-to-day Cast Members would even let them plug a device into them. ; My employer has locked down all the USB, Firewire and other peripheral ports on all machines. ; Even a person like myself who has a top-tier developers box has all his ports locked down. ; I can read from a portable device, but I cannot write to it
I'm finishing up my PCI Compliance...stuff.

Skimmers aren't part of PCI-DSS, but they're a problem, mainly because if a skimmer's installed and not detected before Visa/MC/AMEX do their SQL stuff and figure out where everyone used their card....the merchant has to pay for the CSI: Forensic Audit team.

All of our key pads are now 3DES encrypted, so the big problem left is card readers, and the new hot thing is to put a device between the reader and the control board on the pump. ; So a customer won't be able to notice them. ; I'm trying to help show them what the connections look like and where they are so they can check the pumps when they open them, which is frequently. ; (pump design, pumps other than last few years have you open the whole pump to change the paper)
It could have been added to the end of the place where they swipe the card or it could have been separate from the device.....
"Roger" said:
It could have been added to the end of the place where they swipe the card or it could have been separate from the device.....

Well the article said the guilty party hooked the device to their computer. ; So, having seen the swipers they use at Disneyland, they are typically part of the keyboard, so I'd assume that the device would have to be connected to one of the ports of the PC.

I do know that it isn't hard to disable any port (USB, Firewire, PS2, etc) on a PC with the right IT know-how and I would think Disney would have that
I'm thinking that she put a device between the card reader and the PC. ; One of the weak spots in skimmer prevention.

I reread the article and she's not fully telling all that there is. ; She only bought one device but then she was caught with 15?
there are portable skimmers that can swipe and store the information for further processing later (not going to explain the whole process)... ; around here for awhile restaurant servers were notorious for using them when they walked away with your plastic. ;
"Roger" said:
reread the article and she's not fully telling all that there is.

she is also claiming that her accomplice still owes her money for the stolen data as well. ; sigh.
"Grumpwurst" said:
What would you have to be training people at work on that would require research into Credit Card skimming scams. ; Also, would you like to share your presentation on that financial nuisance with the group ;)

How would you like it?
"Roger" said:
How would you like it?
What format can you provide? ; I can do powerpoint, PDF, and I'm sure my Macbook provides other viewing formats that I'm totally unware of at this time :)
"Grumpwurst" said:
What format can you provide? ; I can do powerpoint, PDF, and I'm sure my Macbook provides other viewing formats that I'm totally unware of at this time :)

Got the first one (original), can do the second, and while I did (doing) my training session on my MacBook, I'm running XP in Fusion 2 so I didn't convert it to Pages, although I did want to try and use my iPad as a teleprompter.....lemme get it up on my website for you to dl.