Clothing store chain Eddie Bauer said it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of January may have been compromised in the breach. George Rice, senior director, payments at HPE Security – Data Security commented below.
George Rice, Senior Director, Payments at HPE Security – Data Security:
“Retail malware is typically designed to steal clear data in memory from Point of Sale (POS) applications, resulting in the loss of magstripe data, EMV card data or other sensitive data exposed at the point of sale. And unfortunately, POS systems are often the weak link in the chain — they should be considered insecure even after implementing EMV. A POS terminal in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data.
Any businesses using POS systems can avoid the impact of these types of advanced attacks. Proven methods, such as Format-Preserving Encryption are available to neutralise data from breaches either at the card reader, at the point of sale, in person or online. Leading retailers and payment processors have adopted these data-centric security techniques with huge positive benefits: reduced exposure of live data from the reach of advanced malware during an attack, and reduced impact of increasingly aggressive PCI DSS 3.2 compliance enforcement laws, laws aimed at making data security a ‘business as usual’ matter for any organisation handling card payment data.
The good news is that savvy merchants are implementing Format-Preserving Encryption, giving the malware nothing to steal, which also has a dramatic cost reducing benefit to PCI compliance. Encrypting the data in the card reading terminal ahead of the POS eliminates the exposure of live information in vulnerable POS systems. The attackers get only useless encrypted data.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
There are a number of commonly used verification tools out…
Phishing remains a relentless and highly effective cybersecurity threat. Despite…
Each year, Cybersecurity Awareness Month serves as a valuable reminder…
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…