A data breach occurs when confidential or sensitive information is accessed without authorization. This can happen when an individual gains unauthorized access to a computer or network, or when physical records are stolen. A data breach can have serious consequences for both individuals and organizations. For individuals, it can lead to identity theft and fraud. For organizations, it can damage reputation, lead to financial losses, and result in costly regulatory penalties. Data breaches can be difficult to detect and prevent, but there are steps that both individuals and organizations can take to reduce the risk of a data breach.
This week we learned of another fairly sizable card data breach involving merchants using Harbortouch point of sale systems. Over 4,200 merchants were involved and financial institutions are already seeing fraudulent transactions. The number of compromised cards has not yet been quantified.
Harbortouch confirmed the breach in a statement to Krebs, saying,
“The incident involved the installation of malware on certain point of sale (POS) systems.” They added, “The advanced malware was designed to avoid detection by the antivirus program running on the POS System. Within hours of detecting the incident, Harbortouch identified and removed the malware from affected systems.”
For issuers, instances like this remind us that data breaches don’t have to be national in scope or involve a well-known retailer to be very concerning to cardholders. A good cardholder plan of attack should be put in place because, unfortunately, this will not be the last incident. Preventative fraud measures such as limiting transaction amounts and requiring PINs for all debit card transactions help, but are not convenient for the customer. A rapid approach for getting new cards back in the hands of cardholders, perhaps an EMV card, is also needed so your particular payment product doesn’t get relegated to the back of their wallet.
Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group
Read the full story
