Convenience store chain Wawa disclosed today a card breach after its security team found malware installed on its payment processing systems.
Wawa said the malware collected payment card information from customers who used credit or debit cards at their stores and gas stations.
The malware was installed on its servers on March 4 this year, and was discovered on December 10, and removed two days later on the 12.
Wawa CEO says data breach involving malware on their payment processing servers may have affected, well, all of their locations. https://t.co/MDa9pSjfRo
— briankrebs (@briankrebs) December 19, 2019
Point-of-Sale systems infected with malware represents a huge drive-thru for cybercriminals that only need to plant the malware and run while siphoning off credit card information without breaking a sweat. Restaurants and chains must keep a sharp eye out for these intrusions with continuous monitoring and updating patches across the network. To fight fraud after credit card information has been stolen, restaurants and other hospitality companies offering services in the card-not-present (CNP) space need to identify customers additionally by analyzing their online behavior combined with hundreds of other identifiers that hackers can\’t imitate or steal. Leveraging a fully integrated multi-layered security approach that includes passive biometrics is one way to make stolen information valueless to the hacker and stopping incidents of fraud.