Back to all posts

Ellie Delany

June 20th, 2017

5min Read

What We’ve Seen In Payments So Far This Year

As the availability and accessibility of various methods of credit card acceptance grows, so does the number of threats on security and consumer data. We’re halfway through 2017, and already we’ve seen several malware attacks on large corporations, leading to data breaches and the exposure of personal and sensitive information.

Let’s take a closer look at a few malicious software attacks that have impacted companies including Chipotle, Kmart, and DocuSign just this year.

MALWARE ATTACKS

Chipotle

This breach was a result of a malware searching for track data, which can hold cardholder name, number, expiration date and internal verification code. According to Chipotle, the data was collected and read from the magnetic strip of a card as it was routed through the point-of-sale device. The breach affected over 2,250 locations in 25 days, with 22 locations in Connecticut alone attacked. What was at risk for the customer? The data maliciously collected is often used to make fraudulent online purchases, or create “clone” cards to use in other places.

Kmart

For the second time in three years, Kmart stores were infected with malicious coding. Their in-store payment data systems were attacked by a virus undetectable by current software. Years before, their partner store Sears faced a similar breach, both involving malware designed to steal credit and debit card information from hacked point-of-sale devices. Similar to Chipotle, once hackers obtain this information, they can effectively clone cards and use them to purchase high-priced merchandise. Kmart has not disclosed how many stores they estimate to have been affected by the breach.

DocuSign

“As part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email,” DocuSign published in on their website last month. The company then said the breach only contained a list of email addresses, and all other data remained untouched. Data security is a primary component of DocuSign, and although no credit cards were compromised, the hack was highly risky for DocuSign users.

Two-thirds of the attacks mentioned above have something in common: the hacking of a point-of-sale device. While malware attacks have become somewhat inevitable, the data being sought during these attacks can be protected with powerful security solutions, including point-to-point encryption (P2PE), tokenization, and EMV-ready terminals, all of which play an important role in protecting customer information.

CardConnect is proud to offer its patented tokenization as part of its CardSecure solution, because it makes data stolen by hackers essentially useless. The tokens CardConnect uses to replace sensitive information are randomly generated, irreversible and unique. Although tokenization doesn’t prevent malware attacks, it can certainly mitigate the effects.

The good news about this year is, what we’ve seen so far isn’t all bad. There’s also been an exciting increase in the use of mobile point-of-sale devices.

MOBILE PAYMENTS

Mobile payments have been exploding in Payment Card Industry – and with this comes an increased need for mobile Point-of-Sale devices. Business Insider Intelligence predicts that there will be 27.7 million mPOS devices in the U.S. by 2021, increasing from just 3.2 million in 2014.

To support this trend, CardConnect offers products to make mobile payments easy, safe and reliable. The CardPointe mobile app is free to download and available for both iOS and Android devices. To compliment the app, the CardPointe mobile device is also available, which is a small, portable plug-in that easily plugs into the audio port on devices and is especially efficient for on-the-go transactions.

Another area of growth this year has proven to be the adoption of EMV-enabled terminals, which play a major role in helping to protect consumer information.

EMV TERMINALS + CHIP CARDS

Credit card fraud has been a growing problem in the U.S. for years, costing U.S. consumers $16 billion in 2016, according to zdnet In response, card networks have made the switch to EMV security, otherwise known as: the chip card. The microchip in EMV cards serves as an extra layer of security, because each transaction is authenticated with a code that cannot be re-used. This makes the chips extremely difficult to duplicate, so a cardholder’s information is more safely stored. Although relatively new to the U.S., businesses are quickly catching up to the standard: in Q3 of 2016, more than half of all businesses had upgraded, increasing from just 31 percent the year before according to Business Insider.

We’re happy to see this increase in adoption, because the combination of EMV with tokenization and P2PE is a very powerful solution for protecting data.

CardConnect utilizes patented, unique technology to ensure the safest and most secure transactions. Our terminals, like the CardPointe retail terminal are EMV-enabled, and protected by CardSecure (tokenization plus P2PE). During a transaction, our terminal uses a one-time used tokenized code to validate the card and its user. This specific code changes with each transaction, so once it’s been used it is no longer valid. This prevents the theft of customer information for the the use of creating counterfeit credit cards.

One thing is for sure when looking at this year’s trends: the payment card industry’s technology is ever-growing. Although this provides new and exciting opportunities for the industry, the growth also calls for advanced security measures, as customer information is more vulnerable than ever.

To learn more about how CardConnect can protect your business and customer information, visit cardconnect.com/cardsecure.


Connect with us

blog comments powered by Disqus