Landry’s Inc., a restaurant and hospitality corporation that owns popular eateries such as McCormick and Schmick’s, Rainforest Cafe and Del Frisco’s, was infected by malware that infected its order-entry systems to steal customer payment card information. The malware was able to infiltrate Landry’s systems despite having end-to-end encryption enabled.
The Landry breach is a prime example of why all credit card systems have to be secured throughout the payment chain, including devices that are not meant to store credit card information. At the same time, without educating employees, it is only a matter of time before bad actors find the weak spot and capitalize on it. The entire payment chain needs to be secured on the technology side while paying special attention to the human element. Implementing best practices and processes for employees is essential as they often act as the first line of defense.
Justin explains, “To fight fraud after credit card information has been stolen, restaurants and other hospitality companies offering services in the card-not-present (CNP) space need to identify customers additionally by analyzing their online behavior combined with hundreds of other identifiers such as typing patterns that hackers can\’t imitate or steal. Leveraging a fully integrated multi-layered security approach that includes passive biometrics is one way to make stolen card information valueless to the hacker trying to shop online.
The Landry’s breach illustrates a fundamental cybersecurity challenge in 2020: businesses are forced to deal with increasingly sophisticated threats while also rapidly adopting new technologies that can introduce new exposures. Even with data protection mechanisms enabled, hackers were able to exploit older POS systems with malware to gain access to customer data. To manage the growing range of attack vectors, businesses need to adopt a Zero Trust model that engages security verification from user systems and IoT devices to networks and applications. More integrated controls are the only way to secure the complete digital ecosystem required by the modern economy.