December 2, 2019
CBI Security Alert: Restaurant Credit Card Breach

According to a recent Krebs on Security article, a group of hackers released four million debit and credit cards stolen from four different restaurant chains across the Midwest and Eastern US.

The hackers breached the remote access service set up to maintain the payment processing systems by spreading malicious code to it. It is not clear whether the remote access services were poorly configured. The malware was distributed to approximately 50% of the more than 1750 locations. The stolen data was then sent from the POS systems to a server controlled by the hackers relatively slowly, over almost four months, so that it looked like regular traffic and avoided detection.

Once installed in a merchant’s POS system, the malware gave the hackers unrestricted control over the POS terminals. The malicious code works by capturing payment data when a card is swiped through a retail store’s checkout machine. To extract card data, the malware scrapes the POS terminal’s RAM, where it is possible to decrypt the data.
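One way a defender could look for the slow, months-long transfer described above, as an added example that is not from the original alert or from Krebs on Security: POS terminals normally talk to a small fixed set of destinations, so small transfers to any other address stand out by how many days they persist rather than by volume. The flow-record layout, the allowlist addresses and the thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

# Assumption: the only destinations the POS network legitimately needs
# (for example the payment processor). Addresses are documentation ranges.
ALLOWED_DESTS = {"203.0.113.10", "203.0.113.11"}


def find_slow_exfil(flows, min_days=14):
    """Flag terminal/destination pairs that keep sending data to a
    non-allowlisted address on many distinct days.

    flows: iterable of (day, src_ip, dst_ip, bytes_out) egress flow records.
    Returns (src, dst, active_days, total_bytes, peak_daily_bytes) tuples,
    most persistent first.
    """
    per_day = defaultdict(lambda: defaultdict(int))
    for day, src, dst, nbytes in flows:
        if dst not in ALLOWED_DESTS:
            per_day[(src, dst)][day] += nbytes

    findings = []
    for (src, dst), days in per_day.items():
        # Persistence is the signal: a trickle never trips a per-day volume alarm.
        if len(days) >= min_days:
            findings.append((src, dst, len(days),
                             sum(days.values()), max(days.values())))
    return sorted(findings, key=lambda f: (-f[2], f[0], f[1]))


def sample_flows():
    """Constructed sample records, not data from the incident."""
    start = date(2019, 8, 1)
    flows = []
    for i in range(30):
        day = start + timedelta(days=i)
        flows.append((day, "10.20.0.5", "203.0.113.10", 2_000_000))  # processor
        flows.append((day, "10.20.0.5", "198.51.100.77", 40_000))    # daily trickle
    flows.append((start, "10.20.0.6", "192.0.2.50", 300))            # one-off
    return flows


if __name__ == "__main__":
    for finding in find_slow_exfil(sample_flows()):
        print(finding)
```

The peak daily byte count is returned so an analyst can see that the flagged pair stayed far below the terminal's normal processor traffic on every single day.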

The Significance of the Event

The breach illustrates that consumers’ payment card data is susceptible to cybersecurity attacks at their preferred retail stores, including restaurant chains. A majority of consumers and retail chains are not diligent about payment card security. While secure chip-based cards and security standards for companies that deal with payment cards have been rolled out, a majority of consumers have yet to switch to the cards, and restaurant chains have not yet implemented the standards. Additionally, the restaurant chains have not purchased the secure chip-based readers that would let their customers move to secure cards.

Conversely, firms that have already implemented the standards and purchased secure chip-based cards have noted a decrease in the amount of payment card data that can be compromised. Krebs (2019) indicates that 80% of businesses that receive chip cards realize a drop of 87% in counterfeit fraud for consumers and retail owners who have upgraded their payment cards to chip cards. Therefore, firms and consumers need to invest in more secure chip cards to reduce breaches of crucial data from the businesses’ POS systems.

Steps to Solve the Issue

To prevent such breaches proactively, retailers can use software that offers end-to-end encryption, set up two-factor authentication for remote access to their POS, install an antivirus on the POS system, and fully comply with PCI standards to prevent potential issues in the future. Usually, end-to-end encryption tools protect card data by encrypting it right after the POS device receives it and after it is sent out to the server of the software. Thus, the data is secured, offering protection regardless of where the hackers may install malware.

What is more, businesses can install endpoint protection software on the POS system to thwart infiltration by malware. The antivirus scans the POS software and detects any problematic files or apps, which should be removed immediately. The antivirus can also raise alerts about areas that may be affected, which helps the cleanup process and ensures that malicious code does not obtain any data. Ensuring that all elements of the POS system, including online shopping carts, servers, card readers, networks, and routers, are PCI compliant can reduce the chances of malware infiltrating the system.

Avoiding Being a Victim of Counterfeiting Fraud

First, I would recommend that consumers upgrade their payment cards from the conventional model to the more secure chip cards. According to Krebs (2019), it is more expensive to counterfeit chip cards compared to traditional cards, which discourages cyber-thieves from attempting to crack their details.

Secondly, I would do some basic research to establish the retail shops that accept cards to ensure that I use payment cards at stores that accept chip cards only while insisting on using cash at stores that are yet to upgrade their card readers. The step will alleviate the chances of my payment cards being intercepted at one of the branches of the vulnerable restaurant chains.

Thirdly, I would notify stores that I often shop at about the need to upgrade their card readers to improve the security of their POS systems and, in turn, the details of their customers’ payment cards. The susceptibility of POS systems provides the main point of breach, and improving its security would significantly reduce the incidence of successful cyberattacks.

How can CBI help?

CBI can be of much assistance to retail companies and restaurant chains with vulnerable POS systems regarding the prevention of breaches. We can assess the vulnerability of a merchant’s POS system through penetration tests. Additionally, CBI has personnel who are up to date on matters concerning POS system security, making them the most suitable choice for analyzing a firm’s POS system.

Upgrade events can be relatively expensive and sophisticated for businesses that need to implement them. Still, CBI can recommend how implementation can be accomplished in phases depending on the clients’ budgets. Vulnerable firms can also seek the assistance of CBI when incorporating PCI standards to guarantee efficiency.

About the Author
David Mamikonyan
Vice President | Professional Services
David Mamikonyan leads CBI's highly skilled engineering practice and is responsible for our complete integration team. He brings advanced technical expertise in cyber security analysis, design, and implementation. David works with global senior leadership teams to assess and recommend security technologies, architectures, network and IT controls.