CCR Magazine

You are here  :Home arrow News arrow Wendy's reports possible credit card breaches at multiple restaurants - comments
Contact Us Newsletter Signup RSS Feeds

Latest News Headlines


Commercial Credit News


Wendy's reports possible credit card breaches at multiple restaurants - comments PDF Print E-mail
Thursday, 28 January 2016

In response to last night's news of a customer data breach at Wendy’s, George Rice, senior director, payments at HPE Security-Data Security, commented:“More than ever, retailers must put data security at the top of their priority lists. Common approaches to security may no longer be secure as criminals are armed with increasingly effective malware and hacking tools. At the same time, retail innovations such as EMV, mobile payments and mobile wallets enhance the customer experience but may also introduce security vulnerabilities for the merchant.

"Retailers should develop security strategies that meet the highest cryptographic standards, are easy to maintain and allow for continuous advancement of the merchant’s payment ecosystem.

"We recommend a data-centric approach to data security that uses format preservation. This allows for sensitive data to be protected at the moment of acceptance and remain protected throughout its lifecycle in the organisation.

"Retail malware is typically designed to steal clear data in memory from Point of Sale (POS) applications, resulting in the loss of magstripe data, EMV card data or other sensitive data exposed at the point of sale. And unfortunately, POS systems are often the weak link in the chain -- they should be isolated from other networks, but often are connected. A checkout terminal in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data.

"Fast food, and any businesses using POS systems, can avoid the impact of these types of advanced attacks. Proven methods are available to neutralize data from breaches either at the card reader, at the point of sale, in person or online. Leading retailers and payment processors have adopted these data-centric security techniques with huge positive benefits: reduced exposure of live data from the reach of advanced malware during an attack, and reduced impact of increasingly aggressive PCI DSS 3.1 compliance enforcement laws, laws aimed at making data security a ‘business as usual’ matter for any organization handling card payment data.

"The good news is that savvy merchants are already tackling this risk and giving the malware nothing to steal through solutions that also have a dramatic cost reducing benefit to PCI compliance. Encrypting the data in the card reading terminal ahead of the POS eliminates the exposure of live information in vulnerable POS systems. The attackers get only useless encrypted data."

Rice offers these tips for retailers: "Only collect customer data that you need and can adequately protect. Why do you need date-of-birth or social security numbers, for example? Encrypt or tokenize everything you determine to be mission-critical.

"Protect data at the moment of submission by the customer. Criminals know to embed malware near to data acceptance points, like point-of-sale systems or web front-ends.

Only unprotect data when absolutely necessary. A high percentage of the time, applications and users can work equally well with a surrogate value.”

Simon Crosby, CTO and co-founder at Bromium, added: "Many Point of Sale systems have not been upgraded for years, and in anticipation of "chip and sign" changes to credit cards, some vendors have held off even longer, waiting for the latest technology before they upgrade. A simple rule of thumb: If a vendor does not support chip and sign, pay cash"

 Forums International Ltd

Forums International Ltd

 Attendance at your first meeting is free of charge, and please quote reference 'CCR2016' to receive the special 10% discount off of your first annual subscription.

Find out more here.

latest issue

CCR Cover

The latest edition of CCR Magazine, the leading editorial publication in the UK credit industry, is out.

Read the latest issue online


CCR is the premier magazine for consumer and credit professionals. It provides an independent voice to the industry, breaking major news stories and running in-depth features.

As a magazine, it works with and campaigns on behalf of the credit industry to promote its importance as a centre of potential profit and business development to the wider business world.

Subscribe to CCR Magazine

CCR World Magazine


Providing information and analysis for thousands of senior credit professionals worldwide, every quarter.

Find out more

GTS Media Ltd
81 Cambridge Road

Registered in England No: 05483197