As US ‘fast food’ restaurant chain Wendy’s is investigating claims of a possible credit card breach at some locations, a Wendy’s spokesperson Bob Bertini, said: “We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations. Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.” Security experts from Balabit and Proofpoint have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Kevin Epstein, VP of Threat Operations at Proofpoint:
How can PoS security be improved?
“Organizations need to upgrade cybersecurity systems with modern targeted attack protection and threat response systems—and go beyond legacy perimeter security. Without targeted attack protection, security teams are ill-equipped to defend against sophisticated threats that easily bypass outdated systems. Automated threat response, backed by reliable and current threat intelligence, is also crucial. IT has to be able to understand breach occurrence and impact asap, and close the holes immediately. These technologies can reduce the impact of breaches by ensuring systems compromises are more rapidly detected and sealed. If a central breach is confirmed, it places further emphasis on the ongoing need for the upgrades.”
Do you have any remediation tips?
“Restoring consumer confidence is paramount—organizations should immediately notify anyone possibly impacted by a breach and recommend how they can stay protected. Consumers can immediately place a ‘fraud lock’ or ‘credit freeze’ on their credit records to mitigate the financial aspects of identity theft. Cyber attacks’ most expensive aspect isn’t cleanup; it’s brand damage. For security teams facing a breach, it’s critical to quickly identify the attack source and implement new, modern protective systems to prevent recurrence. Having the right people, process and technology in place and testing it regularly will make the containment of a breach more effective.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Péter Gyöngyösi, Product Manager of Blindspotter at Balabit:
“The fact that something’s going on was discovered by the algorithms that analysed the payment transactions and saw that unusual things were happening: fraud detection has a long and good track record in the payment and financial industries. The emerging technology of security data analytics and user behaviour analytics (UBA) enables enterprises to use the power of the same algorithms in other parts of their infrastructure and identify the unusual activities of attackers well before they’d get to charge those credit cards.”[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.