[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Harbortouch is Latest POS Vendor Breach
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2015-05-01 8:53:32
Message-ID: alpine.DEB.2.02.1505010853210.15779 () infosecnews ! org
[Download RAW message or body]

http://krebsonsecurity.com/2015/05/harbortouch-is-latest-pos-vendor-breach/

By Brian Krebs
Krebs on Security
May 1, 2015

Last week, Allentown, Pa. based point-of-sale (POS) maker Harbortouch 
disclosed that a breach involving "a small number" of its restaurant and 
bar customers were impacted by malicious software that allowed thieves to 
siphon customer card data from affected merchants. KrebsOnSecurity has 
recently heard from a major U.S. card issuer that says the company is 
radically downplaying the scope of the breach, and that the compromise 
appears to have impacted more than 4,200 Harbortouch customers nationwide.

In the weeks leading up to the Harbortouch disclosure, many sources in the 
financial industry speculated that there was possibly a breach at a credit 
card processing company. This suspicion usually arises whenever banks 
start feeling a great deal of card fraud pain that they can't easily trace 
back to one specific merchant (for more on why POS vendor breaches are 
difficult to pin down, check out this post.

Some banks were so anxious about the unexplained fraud spikes as stolen 
cards were used to buy goods at big box stores that they instituted 
dramatic changes to the way they processed debit card transactions. 
Glastonbury, Ct. based United Bank recently included a red-backgrounded 
notice conspicuously at the top of their home page stating: "In an effort 
to protect our customers after learning of a spike in fraudulent 
transactions in grocery stores as well as similar stores such as WalMart 
and Target, we have instituted a block in which customers will now be 
required to select ‘Debit' and enter their ‘PIN' for transactions at these 
stores when using their United Bank debit card."

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/

[prev in list] [next in list] [prev in thread] [next in thread]