Credit card breaches are still a reality
Major retailers report being victims of data breaches in 2017
Published June 14, 2017
Over the past few weeks, several nationwide companies like K-Mart, GameStop, Brooks Brothers, and Chipotle Mexican Grill were allegedly the victims of data breaches which could have exposed thousands of consumers’ payment card data. As with a number of credit card breaches, these breaches were caused by malware, short for malicious software, designed to capture or access the sensitive cardholder information.
While malware itself has been in the news lately with the WannaCry ransomware affecting everything from mom-and-pop businesses to the National Health Service in the UK, malware targeting cardholder information is nothing new. In 2013, Target was a victim of an infamous data breach caused by malware affecting the point-of-sale devices. As the payment card was swiped during the checkout process, cardholder information stored within the card’s magnetic stripe was taken.
This is apparently similar to how the most recent Chipotle breach occurred. According to Reuters, Chipotle could face a fine and be held liable for any fraud resulting from the breach. A class action suit filed against the restaurant in Colorado federal court claimed that, because Chipotle failed to implement EMV (chip and PIN) technology, significant harm and substantial costs befell several financial institutions affected by the breach.
Malware can be also very difficult to detect, and due to the rapid speed at which cardholder information can be compromised, a lot of damage can be done in a relatively short time. Clothier Brooks Brothers announced that certain retail and outlet locations’ payment processing systems were the victims of a malware attack. This security incident affected customers from April 4, 2016 to March 1, 2017.
While it is uncertain if a lack of proper security measures such as EMV were the cause of all major data breaches throughout the country over the past few weeks, upgrading outdated credit card terminals to chip and PIN technology is highly recommended. In addition to terminal upgrades, practicing the proper security procedures is helpful, including being PCI compliant.