American high-end fashion retailer, Vera Bradley, revealed yesterday that it is investigating a payment card breach that may have affected cards used at the retailer’s stores between July 25, 2016 and Sept. 23, 2016. The company said law enforcement alerted them on Sept. 15, after which it enlisted help from a computer security firm. The findings show there was unauthorised access to the company’s payment processing system, in which a program was installed that looked for payment card data, including cardholder name, expiration date, card number and internal verification codes. George Rice, senior director, payments at HPE Security – Data Security commented below.
George Rice, Senior Director, Payments at HPE Security – Data Security:
Any businesses using POS systems can avoid the impact of these types of advanced attacks. Proven methods, such as Format-Preserving Encryption are available to neutralise data from breaches either at the card reader, at the point of sale, in person or online. Leading retailers and payment processors have adopted these data-centric security techniques with huge positive benefits: reduced exposure of live data from the reach of advanced malware during an attack, and reduced impact of increasingly aggressive PCI DSS 3.2 compliance enforcement laws, laws aimed at making data security a ‘business as usual’ matter for any organisation handling card payment data.”
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.