Thursday, March 15, 2007

"Google Adds a Safeguard on Privacy for Searchers"

Miguel Helft of the New York Times reports today that Google plans to implement a search log anonymization policy. A March 14 post on Google Blog makes a similar report. According to Google's Log Retention Policy FAQ, Google "will change some of the bits in the IP address in the logs as well as change the cookie information," though the company is "still developing the precise technical methods and approach to this." The anonymization policy will be retroactive and might go into effect by the end of the year.

The Log Retention Policy FAQ also notes that data retention laws might require Google to retain data beyond this 18-24 month period. The United States currently does not have a national communications data retention requirement, but a proposal for such a law is pending in Congress, as previously discussed here.

Thursday, March 08, 2007

"Skimming Devices Target Debit-Card Readers"

In the Wall Street Journal this morning Joseph Pereira reports on the use of "skimmers" to steal data from point-of-sale debit card readers:

The brazen data breach highlights a serious vulnerability in the retailing world: computerized cash registers known as point-of-sale, or POS, terminals. Thieves can use "skimming" devices -- generally circuit boards or hand-held wireless units -- to steal payment-card data off card-swipe machines. Once the information is pilfered, it can either be used to make counterfeit cards or sold to other criminals. At times, the skimming devices are also installed in ATMs, though ATM scams are more likely to involve cameras.

Experts say that POS-related data fraud is far more common than the kind of breach reported recently by TJX Corp. in which hackers infiltrated the off-price retailer's central computer database and stole data from thousands of customers. POS fraud also occurs more frequently than so-called phishing scams, in which Internet users are tricked into giving up their credit-card and other financial information.

The article also cites a Gartner, Inc. analyst's estimate that "80% of credit-card data breaches are tied to cash-register and other POS terminals," though it doesn't state what proportion of losses are tied to data taken in this manner.