BBB Scam of the Week: "Point of Sale" Data Leak

By  | 

MONROE, La. (KNOE) - When consumers are in a hurry to grab a quick bite at a local fast-food restaurant, you might want to think about the payment card risk now more than ever.

Courtesy: Ivan David Gomez Arce / CC BY 2.0

The latest data leak comes form the fast-food restaurant Sonic. Christi Woodworth, vice president of public relations at Sonic, said "the investigation is still in its early stages, and the company does not yet know how many or which of its stores may be impacted accounts apparently stolen from Sonic are part of a batch of cards that Joker's Stash is calling "Firetigerrr," and they are indexed by city, state and ZIP code. This geographic specificity allows potential buyers to purchase only cards that were stolen from Sonic customers who live near them, thus avoiding a common anti-fraud defense in which a financial institution might block out-of-state transactions from a known compromised card.

Malicious hackers typically steal credit card data from organizations that accept cards by hacking into point-of-sale systems remotely and seeding those systems with malicious software that can copy account data stored on a card's magnetic stripe. Thieves can use that data to clone the cards and then use the counterfeits to buy high-priced merchandise from electronics stores and big box retailers.

Prices for the cards advertised in the Firetigerrr batch are somewhat higher than for cards stolen in other breaches, likely because this batch is extremely fresh and unlikely to have been canceled by card-issuing banks yet.

Financial institutions also bear some of the blame for the current state of affairs. The United States is embarrassingly the last of the G20 nations to make the shift to more secure chip-based cards, which are far more expensive and difficult for criminals to counterfeit. But many financial institutions still haven't gotten around to replacing traditional magnetic stripe cards with chip-based cards. According to Visa, 58 percent of the more than 421 million Visa cards issued by U.S. financial institutions were chip-based as of March 2017.

Retailers that accept chip cards may present a less attractive target to hackers than those that don't. In March 2017, Visa said the number of chip-enabled merchant locations in the country reached two million, representing 44 percent of stores that accept Visa.
But only the consumer can make the decision of how to pay for the item being purchased.

So remember, as a consumer think carefully about your method of payment at the point of sale on food or any other purchase. The best offense could be a good defense in this case.