These are my notes from my latest Pajamas TV segment, which was live yesterday. I don’t yet have a link to the Flash (free) version, but if you check this page, you can see the video as soon as they have posted the free version. (I am not sure they are going to keep on posting free versions; it is meant to be a paid service.)

I’m slated to be on again today and this Friday, October 24, at 6:00 pm Eastern.


Personal identity crisis continues. What will it take for companies to take this as seriously as they should? First, there’s a report from Georgia Tech that with cell phones getting more complicated and more connected, it turns out they are perfect targets for hackers. Just imagine a horde of cell phones being programmed to periodically dial toll numbers. They’ve even got a name: “zombie phones.”

But even more scary, officials have found small devices in European point of sale card swipe machines that send selected transaction information to Pakistan. These are the card machines you use at the grocery store — totally plain vanilla. The devices appear to be untraceable and are inserted in some made-in-China MasterCard boxes. The best way to find out if a store has been infected is to literally weigh their card swipe machines. Bad machines weigh four ounces more than good ones.

This is affecting large, chain stores, including a British unit of Wal*Mart and Tesco.

It is not isolated or off the beaten path. And it really is diabolical. The machines can be set, evidently, to just send a few transactions, say like every tenth Visa Platinum transaction, once a day. They can also get new instructions when they send their take — so their work is quite hidden. Add that up over time.

What happens to the information once it goes to Pakistan? It gets used, of course. Bank withdrawals are made, plane tickets and other merchandise get purchased. So far, the estimates are between $50 and $100 million. The motivation appears not to be a espionage, but plain old theft. Authorities are watching, though, in case there is a terrorism link, the destination being in Pakistan and all.

What can companies do? That’s a tough question and it may be one of those things where the bad guys are always one step ahead of the good guys. But the good guys can get a little more serious about this. Yes, they will say they have security experts and yes, they will say that such piracy hurts them as much as it hurts, say, Joe The Plumber. “Security is our top priority.”

Nevada has instituted new rules that companies must encrypt the information they keep. But this may not be enough. The whole data chain needs to be protected, just like the food chain.

I think I am going to start paying cash for everything I can!