For the second time in about one year, the wholesale restaurant supplier Restaurant Depot has suffered a breach of its credit card system. BankInfoSecurity.com is reporting that the breach occurred between November 7 and December 5, 2012. The number of credit cards affected and how exactly the breach occurred have not yet been disclosed. Restaurant Depot also owns the Jetro Cash and Carry chain and has 81 locations nationwide. The attack was not on one single location’s POS system but on the chain as a whole.
Restaurant Depot experienced their first breach right around the same time of the year in 2011. That breach was first thought to have comprised up to one million cards. In the end a more modest 200,000 cards were confirmed stolen. Hackers stole the data by breaking into Restaurant Depot’s unsecured network. According to the 2011 reports, “[The] cybercriminals placed malware onto the credit and debit card processing systems used in Restaurant Depot’s stores, and then harvested the stolen data and sent it to a server in Russia.”
This repeat breach has a lot of people wondering if the Restaurant Depot really did all they could to secure their payment systems after the first breach occurred in 2011. The President of the company, Richard Kirschner, maintains that at the time of this second breach, their payment systems were fully compliant with the PCI DSS.
Change is on the horizon for MasterCard and Visa cardholders in the United States. Both brands announced that they will be updating their credit cards from the magnetic stripe to the chip-and-pin format. The U.S. is one of the last major countries to transition to the chip-and-pin format. Countries in Europe have been using the chip-and-pin method since 2005, as have Asia and South America. Canada plans to make the switch in the coming year.
The switch in formats has proved very effective for the United Kingdom where they have seen a significant reduction in credit card fraud. The U.K. Payments Administration stated that since the implementation of the chip-and-pin credit cards, in-store credit card fraud dropped from 218.8 million pounds in 2004 ($356.5 million) to 98.5 million pounds in 2008 ($160.5 million).
Unlike the magnetic stripe currently used on credit cards around the United States, these cards have a smart chip containing the cardholder’s information and each time you swipe the card you are required to enter a four-digit PIN that corresponds with a number inside the chip.
When you think of a data breach, you usually think of how it negatively affects the breached business and their customers. Did you ever wonder what happens to the actual businesses that fall victim to the fraudulent charges, and how they are affected? Well, it’s not a pretty picture!
Many of you probably assume that if fraudulent charges are made on your personal credit or debit cards, those charges will be covered and you won’t be held liable for those transactions. But, depending on the situation, that may not be the case. Banks take a major hit, absorbing a large portion of the financial loss. In most instances, though, the merchants that accepted the fraudulent charges are the ones responsible for paying back their customers, even though the goods/services were technically “stolen” from them.
PCI compliance means making sure that your data security is in line with the minimal recommended requirements of the payment card industry standards. What this means is that you are looking after the personal and financial information of customers and clients who hand over their payment details and keeping it safe from potential hackers and others who might break into your system.
In order to accept payment cards, you must meet these PCI compliance requirements; if you do not, you will only be able to accept cash – drastically decreasing the number of impulse buys you get and making your company seem relatively dated.
There are many PCI requirements that factor into PCI compliance and if you want to use the cards then you need to meet these. One of these factors is to make sure that you have adequate protection for any stored data and this will affect a great number of businesses.
First of all, let’s look at why you might want to store data in the first place. Essentially, stored data means any information that you keep in a database regarding clients, customers or other businesses. This information might be a list of names and addresses only, or it might be something more thorough such as financial information.
The reason you might store financial information is that you can use it for direct debits and for ‘profiles’ on a website. Many companies will allow a customer to log in and create a profile that contains their financial data so that they can very easily make purchases at the touch of a button. This allows every part of a website to become a point of sale, but it means that all that information has to be stored on the server. On the other hand any business that provides a customer with a loan, a payment scheme, a subscription or a monthly contract is going to want to take money out of their account automatically on an agreed day – and that means storing data.
Alternatively if you provide a company or an individual with a service, then these ex-clients become leads – i.e. parties that you know are interested in your service and that might be more likely to buy in future. By logging these you can then smartly advertise to them all with future products and services. Even though you are only storing addresses in this situation it is very important that you keep these safe as otherwise your customers could get spammed or suffer from identity theft and you would then lose their faith in your company. So valuable is this kind of information that some companies even sell it for a large profit – so make sure you protect it.
There are many ways to protect stored data. They include making sure that any physical data that is printed out is locked away somewhere safe (and that you don’t throw it out with the rest of the trash), while online data needs to be protected by the latest internet security services.
Last week, the world’s largest “permissions-based” email marketing company reported a breach that is quickly growing to possibly be one of the biggest in U.S. history. Epsilon, which sends more than 40 billion e-mails a year, reported that hackers breached their systems and stole client information.
In a company statement, Epsilon said the breach didn’t include any financial information like credit card or social security numbers, but an unknown number of clients’ customer e-mail addresses and names were stolen. Clients such as Walgreen’s, TiVo, Capital One, HSN, JP Morgan Chase and Citigroup have been added to the growing list of victims.
While the breach didn’t retrieve any financial information, security experts still think that these victims are at risk of being exposed to malware that could be delivered via spam or suspicious e-mails. Victims could also receive e-mails that look official and even personalized, asking for sensitive information to further breach them.
As the breach continues and more and more companies are not protecting their customer information, government officials will have to step in, resolve the issues and hand out heavy fines. In fact, Congress has already started to demand answers from Epsilon.