Announcement

Collapse
No announcement yet.

Why are you asking me? I'm not the tech dept.

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Why are you asking me? I'm not the tech dept.

    I am a cashier. I don't work on the computer system beyond ringing up transactions. And yet, because of all the credit card fraud in the news, people ask me if our system is safe. I don't know! Do I look like someone in security??

    This guy asked me today if we "had something in place" to keep it from happening. I informed him, as I always do, that our system is fine [i]as far as[/] I know--not being any part of security or tech in the company--and that I can't guarantee anything. I simply do not tell people only what they want to hear if I don't know it to be true, and I never have done so my whole life. That's how I roll.

    He said, "Well, nothing is guaranteed in this life." OK, so why did he ask me? If he really wanted to know he could've written or called the company or asked for management before completing a transaction. But instead he asked me a question he knew I wouldn't have a satisfactory answer for and snapped back at me. He just wanted a fight.
    "Is it hot in here to you? It's very warm, isn't it?"--Nero, probably
    Tags: None
  • #2
    Ever since those hacks, customers have been asking us about how safe our system is. Thing is, if they really wanted to know, they'd contact corporate and ask them; after all, that's where the system originates. But no, they'd rather bully the frontliner so they can feel satisfied that they've shown how "clever" they are.

    Another thing that gets me; they worry that our system may be hacked into, yet they'll happily download coupons from third-party coupon sites, many of which don't even work or can put spyware on the smartphones, rather than downloading them directly from our official site. (To the tech-savvy people here: is it possible to hack into a register that's entered a not-legit coupon code? I have a theory that's what's been happening, but I could be completely wrong.)

    Of course, the SCs talk to us like we are the ones personally responsible for the hacking. It's not enough that we're taking all the monies with high prices, we must be skimming the profits cuz we're ebil like that. Right. Like I really want to risk my freedom and clean record. And if I were that talented at computers, I could get an honest computer programming job and make a lot more money.
    I don't have an attitude problem. You have a perception problem.
    My LiveJournal
    A page we can all agree with!

    Comment

    • #3
      Why not go for "Please contact our corporate offices, they'll be able to answer your questions regarding our system security. Thank you for shopping with us!"?
      You're only delaying the inevitable, you run at your own expense. The repo man gets paid to chase you. ~Argabarga

      Comment

      • #4
        If the register has a security bug in the coupon-handling code, then it might be possible for a specially-crafted coupon to exploit it. However, you would probably notice something weird about such a coupon, such as the barcode being somewhat larger than usual (which would be the way to exploit the most common type of security bug - a buffer overflow).

        Comment

        • #5
          They'd need more payload than a few numbers though to do anything more than possibly crash the application.

          Target, Home Depot, and PF Chang's were all hit with the same malware. In Target's case it was a semi-inside job perpetrated by malicious contractors at an air conditioning company. You'd think Target would've been a wakeup call... but apparently not.

          It's enough to make one want to start using cash.
          Supporting the idiots charged with protecting your personal information.

          Comment

          • #6
            I get that all the time at the big box hardware store. I tell people to use checks, which take longer at the checkout, or use cash, and refer them to the bank across the parking lot.

            Comment

            • #7
              I saw an article the other day that basically said if you use a debit or credit card to shop anywhere, that information is going to get compromised.

              Comment

              • #8
                Right, if the coupons have codes which you have to *type* into the register, or if it's an ordinary straight barcode which substitutes for a typed code, then there isn't enough information in it to perform a traditional exploit. 2D barcodes are slightly more of a concern, but only slightly, because (as I mentioned) the code would have to be quite a lot bigger than normal.

                QR codes are an interesting special case, because they have a variety of behaviours specified for them, beyond the mere conveyance of data. Someone might try to see if the register will follow a URL embedded in one, or trip over some corrupted text in a far-eastern encoding, or even do a "Bobby Tables" attack (aka SQL injection). Such attacks have a slightly higher chance of succeeding; input validation seems to be much harder to get right than memory management.

                Rather more likely is some sort of physical adjustment to the system so that it skims and records card details for later cloning. This is a lot easier in America than in Europe, because you lot haven't adopted Chip&PIN yet, and a big operation of this sort would be run "professionally" using insiders or contractors.

                Comment

                • #9
                  It's enough to make one want to start using cash.
                  I do want to do that, actually.
                  When you start at zero, everything's progress.

                  Comment

                  • #10
                    Quoth Chromatix View Post
                    QR codes are an interesting special case, because they have a variety of behaviours specified for them, beyond the mere conveyance of data.
                    I don't recall whether it was here or somewhere else, but someone wrote that in the early days of QR codes, he found a product on the shelf that interested him. Printed on the package were the words "Scan our QR code for more information on this product.", with a QR code below it.

                    So he scanned it. It decoded to the following text:

                    Scan our QR code for more information on this product.

                    Comment

                    • #11
                      Quoth Kittish View Post
                      Why not go for "Please contact our corporate offices, they'll be able to answer your questions regarding our system security. Thank you for shopping with us!"?
                      I've tried that before and they get mad because I'm taking away their opportunity to argue with a peon.
                      "Is it hot in here to you? It's very warm, isn't it?"--Nero, probably

                      Comment

                      • #12
                        Quoth Kittish View Post
                        Why not go for "Please contact our corporate offices, they'll be able to answer your questions regarding our system security. Thank you for shopping with us!"?
                        I have actually told someone that before in a sorta-similar situation. She completely ignored me, talked right over me, complaining about the website over and over and over and expecting me to do something about it.
                        Last edited by XCashier; 10-23-2014, 01:53 AM.
                        I don't have an attitude problem. You have a perception problem.
                        My LiveJournal
                        A page we can all agree with!

                        Comment

                        Previous template Next
                        Working...
                        X