
Wendy's Investigating Possible POS Data Breach

The trend of cyberattackers targeting retail and fast-food chains is continuing in 2016. Nationwide fast-food chain Wendy’s is the latest to announce it is investigating a possible credit card breach stemming from its POS (point-of-sale) system.

“Reports indicate fraudulent charges may have occurred elsewhere after payment cards were legitimately used at some restaurants,” Wendy’s spokesman Bob Bertini told Reuters. “Until this investigation is completed, it is difficult to determine with certainty the nature or scope of any potential incident. We have hired a cybersecurity firm to assist, but are not disclosing the name at this point.”

The brand name is different, but the story is much the same. It seems the attack focused on individual stores and the malware was planted in POS systems to gather credit card numbers, according to KrebsOnSecurity, which broke the news. Other restaurants and retailers that have been hit in a similar fashion include Jimmy John’s, Landry’s, P.F. Chang’s, Dairy Queen, Chick-fil-A, retail giant Target and Home Depot.


“Old POS systems are easy to compromise,” Simon Crosby, CTO of endpoint security firm Bromium, told us. “They are often unpatched, and typically run POS software that requires admin privileges, so an attacker can easily run whatever code they please.”

What Retailers Should Do

Wendy’s could not immediately be reached for comment, but Jonathan Cran, VP of operations at bug bounty platform Bugcrowd, said one of the most important things to note is that it’s often a merchant bank or individual cardholder working in collaboration with a reporter to disclose the issue publicly.

“This either indicates that the organizations are either withholding or, more likely, have limited or no knowledge of the breach,” Cran said. “Given the distributed nature of these systems, and the lack of tooling, the breaches are difficult to detect prior to exfiltration of the information.”

Travis Smith, senior security research engineer at advanced threat detection firm Tripwire, said that security is often an afterthought on point-of-sale systems. Although details of the Wendy’s breach are not yet publicly known, there are some quick steps that organizations with point-of-sale devices can take to protect their customers at little to no cost, he said.

“Most of the credit card stealing malware sends the customer card data to a location on the Internet. Lock down the point of sale devices to prevent them from accessing the Internet,” Smith said. “Second, monitoring for changes to the devices can alert the staff to take appropriate steps to contain a possible breach before it spreads.”
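
Both steps Smith describes can be checked with data a store already collects. The Python below is an added example, not code from the article or from any vendor named in it: it flags POS traffic that leaves an egress allowlist and compares a file-hash manifest against a known-good baseline. The networks, terminal names and file names are constructed assumptions.

```python
import hashlib
import ipaddress

# Assumed allowlist: the only networks a terminal needs (constructed ranges).
ALLOWED_EGRESS = [
    ipaddress.ip_network("192.0.2.0/28"),   # hypothetical payment processor gateway
    ipaddress.ip_network("10.20.0.0/24"),   # hypothetical in-store back office
]

# Constructed flow records: (terminal, destination IP, destination port).
SAMPLE_FLOWS = [
    ("pos-01", "192.0.2.5", 443),
    ("pos-01", "10.20.0.10", 8443),
    ("pos-02", "203.0.113.77", 80),
    ("pos-02", "192.0.2.5", 443),
]

def egress_violations(flows, allowed=ALLOWED_EGRESS):
    """Return flows whose destination lies outside every allowed network."""
    bad = []
    for host, dst, port in flows:
        addr = ipaddress.ip_address(dst)
        if not any(addr in net for net in allowed):
            bad.append((host, dst, port))
    return bad

def manifest(files):
    """Map path -> SHA-256 hex digest; `files` is {path: bytes}."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def changes(baseline, current):
    """Report paths added, removed or modified relative to the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }

# Constructed file sets standing in for a terminal's software directory.
BASELINE_FILES = {"pos/app.exe": b"v1 build", "pos/config.ini": b"port=443"}
CURRENT_FILES = {"pos/app.exe": b"v1 build", "pos/config.ini": b"port=443 ",
                 "pos/svc_helper.dll": b"unexpected"}

if __name__ == "__main__":
    for flow in egress_violations(SAMPLE_FLOWS):
        print("egress outside allowlist:", flow)
    print(changes(manifest(BASELINE_FILES), manifest(CURRENT_FILES)))
```

In practice the allowlist belongs in the firewall so the connection is blocked outright; the check above is the detection side, for finding terminals that still attempt it.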

Will Retailers Wake Up?

Cran said the best thing retailers can do is set up a public channel to accept input from researchers and banking industry professionals.

“Also worth noting, as the frequency of these breaches is increasing, there may be a rush from the underground to collect non-EMV cards before all retailers mandate them. EMV (which stands for Europay, MasterCard and Visa) chips will help prevent actual card duplication, but they won’t prevent online theft,” he said.

And brick and mortar retailers have to wake up to the risks inherent in their businesses, according to Crosby. “Perhaps a few more well publicized breaches will help retailers wake up. That said, I’m not hopeful,” Cran said. “That’s why chip-plus pin/sign and PCI standards are so important. We need to move the world forward.”

Image Credit: The Wendy’s Company.

TJ:

Posted: 2016-01-27 @ 4:12pm PT

Well, it’s not called ‘P.O.S.’ for just the one reason.
