Thursday, April 10, 2008

Good Disclosure Practices: RedBox announces a skimming exploit the right way

Skimming by placing a device on an existing reader to read credit card magstripes when they're swiped isn't new - it has been seen in the past at ATMs and other locations. It continues to happen, with varying levels of sophistication.

What is noteworthy is that Redbox reported it in a useful advisory including pictures of what the skimmers looked like - thus taking advantage of an issue to educate customers. They also show the attached blocks that help prevent identity thieves from attaching skimmers to the systems - addressing the question "what are you doing about it". The blocks are not a total solution, but they'll help prevent normal sized reader devices from being attached. Hopefully, monitoring the locations where the devices were found also leads to arrests.

Details of the discovery, and what the devices looked like can be found on Redbox's website at:

No comments: