It is like a monthly pattern at this point - a major retailer discovers suspicious activity, confirms credit and debit card account information was stolen and then makes the necessary changes to prevent it from happening again.
For the month of October, the victim of note is Kmart. The seller identified a potential breach on Oct. 9 and launched a full investigation into the attack alongside a security IT firm to discover any gaps and patch them up to bolster security in the future. Fortunately, in this instance, the breach was caught early, only a month after it was first launched, so Kmart was able to limit the data stolen by fraudsters.
“According to the security experts we have been working with, our Kmart store payment data systems were infected with a form of malware that was undetectable by current anti-virus systems,” a press release from the company explained. “We were able to quickly remove the malware. However, we believe certain debit and credit card numbers have been compromised.”
While credit and debit card numbers were likely stolen by the perpetrators, Kmart believes no debit card PIN numbers, personal information, email addresses or social security information were obtained by those behind the attack. Additionally, there was no evidence found that would suggest Kmart.com users were jeopardized in any way.
The push for new encryption and security tools
Point-of-sale solution developers have likely begun to notice the push for greater security at retail and hospitality locations. With major brands frequently falling victim to attacks, this activity has to put the seed of doubt in the minds of many sellers - perhaps their data has already been jeopardized and it is going undetected? As they say in the cybersecurity business, there are two types of companies: those that have been breached and those that just do not know it yet.
New forms of encryption are being bandied about as one of the solutions to this issue and they can help significantly by making POS systems less of a target. Technology such as tokenization takes away some of the allure of retailers’ data centers because they no longer hold sensitive information. POS developers need to keep these options in mind as they determine their path forward with integrated payments support.
Contact Datacap for more info on Encryption and tokenization.