It has been reported that fashion retailer Forever 21 has announced that there was unauthorised access to data from payment cards used at some of its stores. The California-based company said the breach was focused on transactions made at its stores between March and October this year. Forever 21 said only certain point of sale devices in certain stores were affected when the encryption on those devices was not operating. IT security experts commented below.
Robert Capps, Authentication Strategist and Vice President at NuData Security:
“Back in 2015, Forever 21 made an effort to secure their clients’ personal data through encryption and token-based authentication methods. This measure has reduced the impact of this potential breach – still under investigation. However, this higher-security system was still not implemented in some point of sale (PoS) devices, putting those clients’ information at risk. We are glad to see companies enhancing their security, but they should also be diligent and implement those new technologies across all placements. Forever 21 is the example of what happens when you fail to do so: hackers are attracted to your security gaps like bees to a honeypot.
“There is also the question of why the personally identifiable information (PII) hackers steal is still enough to make fake transactions or purchases. If retailers include a layer of dynamic verification technologies such as behavioural biometrics, they will not need to rely solely on the customer’s static data to verify them, and this stolen information will become useless for hackers. Companies should use a fully integrated multi-layered security approach – so if a verification vector fails there are other layers to trust – that includes passive biometrics. Retailers need to identify customers by including their online behaviour combined with hundreds of other identifiers that hackers can’t imitate or steal. Retailers should also take the time to assess all their security systems and potential gaps before the holiday rush.”
Craig Stewart, VP EMEA at Venafi: