Today we share a terrific guest blog by our P2PE partner, 3DSI, on the reality of data breaches in 2017.
Forgive us for not harping on every major retail company’s data breach when it happens this year.
In our defense: It happens a lot. A lot. It would be a full-time job to track all of the credit-card and payment-card hacks by cyberthieves. (In fact, it is a full-time job for Brian Krebs.)
More importantly, 3Delta Systems has always been a solutions-based company, more concerned with helping you understand how to protect your data, how to process payments simply and securely, and how to save money with Level-3 transactions.
That said, we’d be remiss if we didn’t bring Paying It Safe readers up to date on the highest-profile card data breaches revealed so far in 2017.
This is by no means a comprehensive list, but these are places where many of us have likely done business this year. The highlights, in the order they were announced — or, in some cases, pried out by the press. (cough cough, B&B Theatres.)
- B&B Theatres might have found a wallet-buster instead of a blockbuster this summer. In July, the nation’s seventh-largest theater chain announced a credit-card breach investigation — just after data-breach investigator extraordinaire Brian Krebs prodded the company over suspicions that the chain has been leaking credit card numbers for two years. That’s longer than it takes Marvel to reboot a Spider-Man franchise.
- The Chipotle restaurant chain is feeling the heat after discovering that cyberthieves snagged card data from mag stripes on point-of-sale devices for three weeks, between March 24 and April 18. At least the good hombres at Chipotle caught the malware incident and reported it quickly. Their website even lets you dial down by location to see when your card data at their store might have been at risk.
- Kmart’s latest blue-light special might be the Five-O from the PCI-compliance authorities, as the company revealed in May that rogue code had run the gauntlet beneath its antivirus system and compromised customer credit card numbers. This is the second public breach for Kmart and/or parent company Sears since 2014. The beleaguered chain is in the process of closing more than 260 stores amid retail malaise — and apparently the “everything must go” philosophy included the credit-card data of its customers.
- Folks using their cards at IHG hotel properties — a multinational hotels company that includes brands like Candlewood Suites, Crowne Plaza, Holiday Inn and Staybridge Suites — might be suffering from some bad nights’ sleep after learning that credit cards were breached at on-site restaurants and bars. The breach occurred over five months beginning in August 2016. It was announced in February as a breach at 12 properties, but in April the company notified the public that the breach actually affected 1,200 properties.
- Fast-food diners might have a beef with Arby’s restaurants when Krebs outed them for a three-month breach it discovered in January. The malware-based breach occurred in an unspecified number of the chain’s 1,000 corporate-owned locations.
What it means
Consumers likely know the drill by now. Assess if you’ve been to these places. Check your statements carefully. Consider a new card if your card was at risk.
For retailers, it’s a clear sign that even though card-present fraud might be statistically down, per the Ponemon Institute, it’s still happening at a frightening scale and wreaking havoc with a hard-earned brand’s reputation. And these high-profile breaches are just what’s bubbled to the surface of the public’s psyche, since medium and small companies are more likely to comprise the bulk of the breaches.
Secure payment processing is more important than ever, no matter if it’s card-present or card-not-present.
For online and other CNP retailers, a new white paper from retail management consultancy BRP has found online fraud has increased 137 percent since the adoption of EMV in the US.
BRP on Tuesday issued a press release for the white paper, suggesting companies use encryption and tokenization for true data security. And that’s been 3DSI’s mantra for years.
“Hackers are becoming increasingly sophisticated, requiring organizations to re-analyze and revamp their current security protocols to adequately protect their customers’ payment and personal data,” said Ryan Grogman, BRP vice president. “Retailers who have not implemented these technologies are at high risk, as the likelihood of being targeted by hackers increases every day.”
As a Product Marketing Manager for 3Delta Systems products, Brad Barnes is responsible for marketing strategy and content for 3DSI’s payment and security solutions, including CardVault and Payment WorkSuite. Brad was a journalist for 17 years before working for Aflac’s marketing division and 3Delta’s companion company, AOC Solutions.