FARK.com: (12609504) You might think a thief in a salon is as bright as a bank robber in a lingerie shop, but the "cashless" society offers new opportunities

It's Not News, It's Fark

If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

		You might think a thief in a salon is as bright as a bank robber in a lingerie shop, but the "cashless" society offers new opportunities (ktla.com)		28
		More: Scary, Credit card, Payment, credit card payment machine, Grand salon, Debit card, Money, Theft, Security footage

• • •

3655 clicks; posted to Main » on 19 Oct 2022 at 12:50 PM (22 weeks ago) | Favorite | share:

28 Comments (+0 »)

View Voting Results: Smartest and Funniest

SecretAgentWoman

2022-10-19 12:57:57 PM

Soooo many questions - how is this machine secured? Was the salon at fault for using ABC123 as a password? Did the maker of the credit card processing machine fail to warn the owners about the vulnerability?

GhostOfSavageHenry

2022-10-19 1:05:22 PM

Must have been a cheap model or something. The terminals I've worked with lock up like a vagina at an anime convention if you even look at it wrong, much less let it have a power failure and wake back up on a different network. And this ain't even getting into authentication which is similarly temperamental.

Rage Against the Thorazine

2022-10-19 1:07:05 PM

SecretAgentWoman: Soooo many questions - how is this machine secured? Was the salon at fault for using ABC123 as a password? Did the maker of the credit card processing machine fail to warn the owners about the vulnerability?

That's the weird thing about the analog credit card processing terminals. The store's credentials are programmed in the terminal by the credit card processor that issued it and are sent automatically when you do a transaction. If you have the terminal you can just plug in a phone line and go to town.

ctighe2353

2022-10-19 1:08:15 PM

I own several of these.

There is no password but I think you can set up users, I have never done it.
Yes you can plug it in to any internet connection and it will just work. For some reason you can refund a card that was never charged and on the simple machines I have you cannot stop it. Once or twice a year someone goofs up and credits a customer instead of charging them, most of my customers are regulars so I tell them it's a reward.

I'm guessing their machine was set with profiles and for some reason the thief kept swapping profiles for some reason. I don't know their structure but it seems they are either independent or commission which is most common. If they are commission then the owner still has to pay them, if it's a legal place insurance will cover it but most salons are not legally run.
The CC company should have flagged 40k in refunds in a day, I have not gotten 1k in refunds in 7 years.

hlehmann

2022-10-19 1:14:37 PM

How is it that the employees might be on the hook for their pay being stolen? The salon owner is responsible. Got burglarized? had your POS system stolen?, the mob broke you fingers? Fark you, pay your employees.

wildcardjack

2022-10-19 1:20:38 PM

Adapt, adopt, improve...

Monty Python "Bank robber" ...failure! Brittishly funny

Speef

2022-10-19 1:29:15 PM

ctighe2353: SecretAgentWoman: Soooo many questions - how is this machine secured? Was the salon at fault for using ABC123 as a password? Did the maker of the credit card processing machine fail to warn the owners about the vulnerability?

I own several of these.

There is no password but I think you can set up users, I have never done it.
Yes you can plug it in to any internet connection and it will just work. For some reason you can refund a card that was never charged and on the simple machines I have you cannot stop it. Once or twice a year someone goofs up and credits a customer instead of charging them, most of my customers are regulars so I tell them it's a reward.

I'm guessing their machine was set with profiles and for some reason the thief kept swapping profiles for some reason. I don't know their structure but it seems they are either independent or commission which is most common. If they are commission then the owner still has to pay them, if it's a legal place insurance will cover it but most salons are not legally run.
The CC company should have flagged 40k in refunds in a day, I have not gotten 1k in refunds in 7 years.

So how did individual employees lose money in that scenario?

Herr Flick's Revenge

2022-10-19 1:33:58 PM

If they mean the actual credit card reader, they are only as secure as you make them. This will be determined by who is providing your POS system and support.
The reader itself is a dumb terminal. It reads the card, encrypts the traffic and contacts the clearing house and receives a yes or no response. It doesn't keep any card or transaction data on it.

They can be programmed to disable themselves and wipe the encryption keys if they are tampered with. After this is done it has to be returned to the company and reprogrammed before it will work again.
This requires someone who knows what they are doing to properly set up your system. It also requires you to be willing to pay for a replacement if this happens.

If someone knowledgeable gets unrestricted access to your hardware, it's going to be cracked. All you can hope for in that scenario is that you make it hard for them to do so and make it as time consuming and expensive as possible.

FarkMeThatsGood

2022-10-19 1:36:13 PM

My bank once shut my card down while I was paying for a burrito at a different Chipotle than I normally go to, but they didn't catch $40k in refunds from a hair salon of all places. How often does a salon even give refunds?

Clarence Brown

2022-10-19 1:37:40 PM

Speef: So how did individual employees lose money in that scenario?

My question too. Perhaps it's one of those places where the "employees" rent chairs etc. from the salon owner? So, the money was taken from their accounts??

jumac

2022-10-19 1:40:06 PM

Speef: ctighe2353: SecretAgentWoman: Soooo many questions - how is this machine secured? Was the salon at fault for using ABC123 as a password? Did the maker of the credit card processing machine fail to warn the owners about the vulnerability?

I own several of these.

There is no password but I think you can set up users, I have never done it.
Yes you can plug it in to any internet connection and it will just work. For some reason you can refund a card that was never charged and on the simple machines I have you cannot stop it. Once or twice a year someone goofs up and credits a customer instead of charging them, most of my customers are regulars so I tell them it's a reward.

I'm guessing their machine was set with profiles and for some reason the thief kept swapping profiles for some reason. I don't know their structure but it seems they are either independent or commission which is most common. If they are commission then the owner still has to pay them, if it's a legal place insurance will cover it but most salons are not legally run.
The CC company should have flagged 40k in refunds in a day, I have not gotten 1k in refunds in 7 years.

So how did individual employees lose money in that scenario?

because in most salons the people doing the work are self-employed. They rent out a chair/space in the salon and the salon just takes a cut of each sale. and when a person pays it credited to the person doing the hair account. so by these guys doing returns it taking that out of their accounts. and the banks seem to be saying they are not promising to return that money to them.

stuffy

2022-10-19 1:43:18 PM

their bank isn't guaranteeing the salon workers will receive their money back.

Of course they aren't.

jumac

2022-10-19 1:48:56 PM

stuffy: their bank isn't guaranteeing the salon workers will receive their money back.

Of course they aren't.

cause the banks don't see it as their issue to them its a insurance issue. to the bank the business(or workers if self-employed) should have insurance for this type of thing. Its only the banks issue if it was cause of their screw up.

ctighe2353

2022-10-19 1:54:24 PM

I'm guessing they are independent contractors sharing a terminal but select their own name before each sale, like 1 is Becky, 2 is Sara etc.
Either way unless it's a Sola salon I would imagine someone somewhere has business insurance that covers it.
But thinking back to my biggest mistake in business which was to own a hair salon.... nothing is legal or right, every owner I know and have spoken with run as illegal as possible which is why I got out fast.

cgobla

2022-10-19 1:56:46 PM

Clarence Brown: Speef: So how did individual employees lose money in that scenario?

My question too. Perhaps it's one of those places where the "employees" rent chairs etc. from the salon owner? So, the money was taken from their accounts??

Oh that has to be it. The thief looks at past transactions and sees all the high ones are for chair rental fees or the employees are the only transactions in there. So a refund is issued to be put on their pre-paid card. Which shouldn't be allowed also I have always had places say it has to be the card that was used to make the purchase. Unless they have some crazy card spoofing technology.

relaxitsjustme

2022-10-19 2:11:20 PM

This is why they should only accept Bitcoin.

Vtimlin

2022-10-19 2:15:44 PM

The owner did it or coordinated it.

Izo

2022-10-19 2:42:01 PM

ctighe2353:

But thinking back to my biggest mistake in business which was to own a hair salon.... nothing is legal or right, every owner I know and have spoken with run as illegal as possible which is why I got out fast.

How do you mean illegal? I assume taxes / money / etc since its not like they're coloring hair with LSD.

Denjiro

2022-10-19 2:50:22 PM

Rage Against the Thorazine: SecretAgentWoman: Soooo many questions - how is this machine secured? Was the salon at fault for using ABC123 as a password? Did the maker of the credit card processing machine fail to warn the owners about the vulnerability?

That's the weird thing about the analog credit card processing terminals. The store's credentials are programmed in the terminal by the credit card processor that issued it and are sent automatically when you do a transaction. If you have the terminal you can just plug in a phone line and go to town.

That and most merchants have barely any idea about how they work. I briefly worked for a company that handled the software for the terminals. My group fielded calls from merchants calling in to update the software on their terminals. This was just after the government mandated update to hide the full credit card numbers on receipts. It was even worse than doing dial-up ISP tech support which I'd also done around the same time period.

fatassbastard

2022-10-19 3:22:34 PM

2 a.m. in the morning

gilatrout

2022-10-19 3:31:35 PM

hlehmann: How is it that the employees might be on the hook for their pay being stolen? The salon owner is responsible. Got burglarized? had your POS system stolen?, the mob broke you fingers? Fark you, pay your employees.

That's why in America we use contractors. Employees have rights and that just isn't ok

Some Junkie Cosmonaut

2022-10-19 3:46:06 PM

Denjiro: Rage Against the Thorazine: SecretAgentWoman: Soooo many questions - how is this machine secured? Was the salon at fault for using ABC123 as a password? Did the maker of the credit card processing machine fail to warn the owners about the vulnerability?

That's the weird thing about the analog credit card processing terminals. The store's credentials are programmed in the terminal by the credit card processor that issued it and are sent automatically when you do a transaction. If you have the terminal you can just plug in a phone line and go to town.

That and most merchants have barely any idea about how they work. I briefly worked for a company that handled the software for the terminals. My group fielded calls from merchants calling in to update the software on their terminals. This was just after the government mandated update to hide the full credit card numbers on receipts. It was even worse than doing dial-up ISP tech support which I'd also done around the same time period.

Heh ye gods - ancient people who are still mad they can't just do card carbons anymore, haven't learned about technology since the days of the dial up telephone to hell with dial up modems - and anything past it is dark sorcery... I'm sorry

Tom Marvolo Bombadil

2022-10-19 3:46:57 PM

stuffy: their bank isn't guaranteeing the salon workers will receive their money back.

Of course they aren't.

It is comforting to know that even in this quickly changing modern world some things remain the same.

E_Henry_Thripshaws_Disease

2022-10-19 4:42:59 PM

"Mind you, don't get seduced"

Bslim

2022-10-19 7:14:58 PM

GhostOfSavageHenry: Must have been a cheap model or something. The terminals I've worked with lock up like a vagina at an anime convention if you even look at it wrong, much less let it have a power failure and wake back up on a different network. And this ain't even getting into authentication which is similarly temperamental.

lock up like a vagina at an anime convention

Bob The Nob

2022-10-19 7:46:05 PM

Adopt, adapt, and improve.

Rage Against the Thorazine

2022-10-19 10:52:21 PM

Some Junkie Cosmonaut: Denjiro: Rage Against the Thorazine: SecretAgentWoman: Soooo many questions - how is this machine secured? Was the salon at fault for using ABC123 as a password? Did the maker of the credit card processing machine fail to warn the owners about the vulnerability?

That's the weird thing about the analog credit card processing terminals. The store's credentials are programmed in the terminal by the credit card processor that issued it and are sent automatically when you do a transaction. If you have the terminal you can just plug in a phone line and go to town.

That and most merchants have barely any idea about how they work. I briefly worked for a company that handled the software for the terminals. My group fielded calls from merchants calling in to update the software on their terminals. This was just after the government mandated update to hide the full credit card numbers on receipts. It was even worse than doing dial-up ISP tech support which I'd also done around the same time period.

Heh ye gods - ancient people who are still mad they can't just do card carbons anymore, haven't learned about technology since the days of the dial up telephone to hell with dial up modems - and anything past it is dark sorcery... I'm sorry

I know it sounds strange using dial-up in 2022 but they work in areas that don't have reliable broadband access and they're cheap and reliable with minimal maintenance. There's not much to go wrong. And all the customer has to do to install a terminal is hook the power and phone cord up and turn it on so you don't get alot of tech support calls.

Some Junkie Cosmonaut

2022-10-20 12:19:19 AM

Rage Against the Thorazine: Some Junkie Cosmonaut: Denjiro: Rage Against the Thorazine: SecretAgentWoman: Soooo many questions - how is this machine secured? Was the salon at fault for using ABC123 as a password? Did the maker of the credit card processing machine fail to warn the owners about the vulnerability?

That's the weird thing about the analog credit card processing terminals. The store's credentials are programmed in the terminal by the credit card processor that issued it and are sent automatically when you do a transaction. If you have the terminal you can just plug in a phone line and go to town.

That and most merchants have barely any idea about how they work. I briefly worked for a company that handled the software for the terminals. My group fielded calls from merchants calling in to update the software on their terminals. This was just after the government mandated update to hide the full credit card numbers on receipts. It was even worse than doing dial-up ISP tech support which I'd also done around the same time period.

Heh ye gods - ancient people who are still mad they can't just do card carbons anymore, haven't learned about technology since the days of the dial up telephone to hell with dial up modems - and anything past it is dark sorcery... I'm sorry

I know it sounds strange using dial-up in 2022 but they work in areas that don't have reliable broadband access and they're cheap and reliable with minimal maintenance. There's not much to go wrong. And all the customer has to do to install a terminal is hook the power and phone cord up and turn it on so you don't get alot of tech support calls.

No - it doesn't sound strange at all. As you said, some areas aren't wired for broadband, and transactions aren't vast in their bandwidth requirements at all. I more meant those who simply can't understand any tech beyond the telephone past the "I push buttons and it does things!" level. And I know there are plenty of those in retail, I've met far too many "/

Displayed 28 of 28 comments

View Voting Results: Smartest and Funniest

Redisplay/refresh comments

This thread is closed to new comments.

Can't get enough Fark in your life? Try

More threads. More community. More Farking.

learn more | sign up

Report

Support Fark

learn more

Headlines of the Month
Fark NotNewsletter

Report

Like Fark!

Follow @Fark On Twitter

Report

Fark.com

Top Commented

Top Commented ▼

Top Commented
Top Clicked
Top Voted
My Recent Commented
Recent Mentions

Javascript is required to view headlines in widget.

Links are submitted by members of the Fark community.
When community members submit a link, they also write a custom headline for the story.
Other Farkers comment on the links. This is the number of comments. Click here to read them.
You need to create an account to submit links or post comments.
Click here to submit a link.