High-end fashion retailer Vera Bradley has reported that the point-of-sale system in its stores suffered a security breach, possibly compromising payment cards used to make purchases. IT security experts from Cryptzone and ESET comment below.

Leo Taddeo, Chief Security Officer at Cryptzone:

“Cybercriminals have an insatiable thirst for credit card data and they’ll stop at nothing to get it. POS data breaches continue to generate enormous illicit profits for cybercriminals, making it essential for retailers to deploy several layers of defences. Legacy perimeter defences should be replaced with more flexible software defined perimeter (SDP) solutions.

“The SDP architecture allows enterprises to isolate critical systems and deploy two proven effective countermeasures. First, block the attacker at the infiltration phase with robust, context-based authentication. Next, strictly enforce the “need to know” principle by limiting access by an insider, privileged user, or subcontractor/vendor to only those services needed for business use. These SDP features limit exploitation of the most common vulnerabilities and reduce the chances of a successful POS attack.”

Mark James, Security Specialist at ESET:

“POS systems have been a desirable target for a while now because they often have an immediate reward in relation to effort expended. The type of data extracted will usually include card numbers, expiration date and cardholder’s name, and this information could easily be matched with previously stolen data and used for identity theft or fraud purposes. In these cases it is important that the affected user has all the information relating to the breach made available to them as soon as possible.

“Cancelling credit cards is a pain but when it comes to finances it’s better to be safe than sorry. Breaches are sadly a part of our online activity that we personally have no control over.

“However, what we can do is lessen the impact of such occurrences by monitoring our financial statements for inconsistencies or small unknown transactions. This may alert you to unauthorised use but it is very much down to the company breached to let the end user know about such occurrences as soon as possible and Vera Bradley have done a good job here.”

Information Security Buzz