[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Harbortouch is Latest POS Vendor Breach
From: InfoSec News <alerts () infosecnews ! org>
Date: 2015-05-01 8:53:32
Message-ID: alpine.DEB.2.02.1505010853210.15779 () infosecnews ! org
[Download RAW message or body]
http://krebsonsecurity.com/2015/05/harbortouch-is-latest-pos-vendor-breach/
By Brian Krebs
Krebs on Security
May 1, 2015
Last week, Allentown, Pa. based point-of-sale (POS) maker Harbortouch
disclosed that a breach involving "a small number" of its restaurant and
bar customers were impacted by malicious software that allowed thieves to
siphon customer card data from affected merchants. KrebsOnSecurity has
recently heard from a major U.S. card issuer that says the company is
radically downplaying the scope of the breach, and that the compromise
appears to have impacted more than 4,200 Harbortouch customers nationwide.
In the weeks leading up to the Harbortouch disclosure, many sources in the
financial industry speculated that there was possibly a breach at a credit
card processing company. This suspicion usually arises whenever banks
start feeling a great deal of card fraud pain that they can't easily trace
back to one specific merchant (for more on why POS vendor breaches are
difficult to pin down, check out this post.
Some banks were so anxious about the unexplained fraud spikes as stolen
cards were used to buy goods at big box stores that they instituted
dramatic changes to the way they processed debit card transactions.
Glastonbury, Ct. based United Bank recently included a red-backgrounded
notice conspicuously at the top of their home page stating: "In an effort
to protect our customers after learning of a spike in fraudulent
transactions in grocery stores as well as similar stores such as WalMart
and Target, we have instituted a block in which customers will now be
required to select ‘Debit' and enter their ‘PIN' for transactions at these
stores when using their United Bank debit card."
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic