Best Buy says a small portion of its customers may have been affected by a data theft attempt in late 2017.

One of the nation's largest technology retailers was hit with a cyberattack, one that may have exposed consumers' sensitive financial information to prying eyes.

Best Buy, the Richfield, Minnesota-based multinational consumer electronics retailer, informed customers via its website about the breach, which it believes took place in 2017, USA Today reported.

"We, like many businesses, use a third-party for the technology behind this service, and that company, [24], told us recently that they were the victim of a cyber intrusion," Best Buy corporate noted in an official statement. "Their information suggests that the dates for this illegal intrusion were between Sept. 27 and Oct. 12, 2017."

The company went on to note that if, indeed, [24] did have its cyberwalls overrun, some Best Buy customers may have had their data stolen. It stressed, however, that "only a small fraction" of its online customer base was impacted, as far as it knows.

Best Buy encouraged its customers to reach out by email or through the company's website should they have any comments or concerns. It also assured those who were affected that they won't be charged for fraudulent purchases, whether done via credit card processing or some other payment means.

This most recent incident is only the latest to affect the retail sector. Other companies that have experienced a breach in 2018 include Saks Fifth Avenue, Panera Bread, Kmart and Sears. 

911 Software has the point of sale technology that can help protect customers' data privacy. Click the "Products" tab at the top of the page to learn more.

Atlanta's servers were struck by a crippling ransomware attack in March.

Cybersecurity isn't an issue confined to consumers or business owners. In one fell swoop, entire cities can be crippled electronically by unsuspecting online users clicking on something they shouldn't.

This is precisely what Atlanta is experiencing after a devastating ransomware attack that has resulted in headaches and hassle for hordes of people.

"The SamSam virus hit Atlanta on March 22."

As reported by multiple sources, city services were stymied on March 22 when a ransomware strain – dubbed SamSam – hit Atlanta's servers. Numerous public officials were locked out of their laptops and handheld devices. Even run-of-the-mill services – like parking meters – were rendered effectively useless. Financial documents for government workers were also hit, preventing some individuals from accessing them.

"Everything on my hard drive is gone," Amanda Noble, Atlanta city auditor, told Reuters.

Noble noted she knew something was wrong right away when she showed up for work March 22, only to discover upon launching her personal computer that it had been hacked.

How ransomware works
While there are many strategies cybercriminals use to gain access to private data, ransomware is increasingly popular because of its reach and capacity to cause maximum harm. A type of malware, ransomware produces a screen or image when a computer or server is hit, with verbiage telling the user their software has been compromised and their data encrypted. The only way they can get it back is by paying a dollar amount that the hacker establishes. Security experts note while the monetary demands can be substantial, they're usually not astronomic, as their end game is victims actually coming up with the money. However, even if those affected have the means, there's no guarantee hackers will release the data once payment is made.

"It's extraordinarily frustrating," Atlanta councilman Howard Shook told Reuters. Shook noted the SamSam worm led to the losses of 16 years' worth of digital data.

While businesses and consumers have been the main targets, cities and towns are increasingly in hackers' crosshairs. Last year, Yarrow Point, Washington was hit with a ransomware strain. As noted by, the mayor wound up paying to get the stolen data back, to the tune of $10,000. Purveyors of the SamSam virus demanded $51,000, according to The New York Times.

"Ransomware attacks rose sharply in 2017."

6 in 10 say they've never heard of ransomware
Although ransomware attacks are increasingly prevalent, they're not something that many people have heard about. In a survey conducted by Acronis, 60 percent were not familiar with the term, despite its fallout expected to lead to $11 billion in worldwide losses in 2019. Additionally, forms of ransomware, or variants, rose 46 percent in 2017.

"When it comes to a ransomware attack, prevention is the most effective defense," warned Eric O'Neill, counterintelligence operative who used to work for the FBI. "No business or person is safe. An effective data protection strategy, which includes regularly backing up data and training employees, can go a long way in keeping your data out of the hands of cybercriminals."

Ransomware is an equal opportunity offender, immobilizing servers, mobile devices and even credit card payment processors. 911 Software has the services you need to keep your business – and your customers' financial data – protected.

One of the more well known national bakery franchises was hit with a cybersecurity attack.

Relative to other industries, the restaurant and food service sector has remained relatively unscathed from cyberattacks, whether due to more effective credit card processing strategies, compliance or simply good fortune. But major eateries are increasingly feeling the fallout, with Panera Bread the latest victim.

First reported by KrebsOnSecurity, hackers were able to successfully breach Panera Bread's website, surfacing the credit card information specifics of a disputed amount of customers. Not only were their account numbers leaked, but mailing addresses, names and birth dates were exposed as well.

"Panera may have known about the breach since August 2017."

Perhaps the most egregious aspect of the compromise is the fast-casual chain reportedly knew about the breach but failed to publicize it, KrebsOnSecurity reported.

Brian Krebs, cybersecurity writer and purveyor of the website that broke the story, indicated the breach became known to him after receiving an email from a cybersecurity researcher, who said he informed Panera about the matter last summer. Panera IT director Mike Gustavison replied, saying the company was "working on a resolution," but eight months later, the breach hadn't been resolved.

"No, the flaw never disappeared," wrote security researcher Dylan Houlihan to KrebsOnSecurity. " He added in the email that he checked on the status of the situation on a fairly regular basis, once every month or two.

John Meister, Panera Bread chief information officer, told CNBC that the issue when first reported to the company was addressed and contained, but they have since implemented added measures to ensure due diligence.

"Panera takes data security very seriously and this issue is resolved," Meister told CNBC. "Following reports today of a potential problem on our website, we suspended the functionality to repair the issue. Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved."

Panera says breach leaked data on 10,000 customers
But there's conflicting information on just how big the breach was. Meister informed CNBC the leak was isolated to 10,000 customers, but Kreb said his intel and sources put the total at 37 million.

The fast-casual bakery and cafe franchise is the latest company to feel the effects of cybercrime. Each passing day seems to bring yet another, and in a variety of industries, like retail, social media, transportation and health care. According to IBISWorld, the entertainment industry, commercial banking, health and medical insurance and big box retail are among the leading sectors that have seen greater amounts of security threats. Target informed customers back in 2013 roughly 40 million customer credit cards and debit cards were exposed, but further investigation revealed the hack involved 110 million customers.

More recently credit agency Equifax experienced a similar incident, wherein follow-up analysis found the breach impacted more accounts than originally presumed. But in March, Equifax announced 2.4 million more customers were affected than its first estimate, putting the total number at nearly 148 million, according to The Washington Post.

Gavel on legal dictionary. The Equifax breach is resulting in lawsuits for the credit agency.

Massachusetts set to sue Equifax
While a breach may not necessarily result in hackers obtaining consumers' identifiable data, it provides them the opportunity. Those actually affected have turn to the courts for legal recourse. In fact, a state court recently gave the go ahead for Massachusetts to file a class action lawsuit against Equifax on behalf of the businesses and consumers impacted, Reuters reported.

Suffolk County Superior Court Judge Kenneth Salinger, who rendered the decision, noted the lawsuit had standing because Equifax is duty bound to protect the sensitive data of its customers, which it failed to do.

"These allegations state a viable claim for violation of the data security regulations," Salinger wrote in his decision, as quoted by Reuters.

Businesses that neglect to use the proper credit card processing security measures can feel the adverse consequences in a host of ways, including public relations, productivity and earnings. 911 Software provides the tools to keep your customers' data behind closed doors.

Saks Fifth Avenue says its systems were compromised during the Easter weekend holiday.

Dozens of retailers have been affected by cybercrime over the past decade or so, some on multiple occasions. Luxury brand Saks Fifth Avenue is the latest to fall victim to the pervasive threat, the hacker exposing sensitive data conducted via credit card processing.

Hudson's Bay, which owns both Saks Fifth Avenue and Lord & Taylor, confirmed the security breach took place the final weekend of March, The Wall Street Journal reported, one of the busier periods on the sales calendar given the Easter holiday.

"We have identified the issue, and have taken steps to contain it," the company's spokesman stated, as reported by the newspaper. He went on to mention that the proper authorities have been informed of the breach and the company is doing everything it can to assure customers' protection. This includes Hudson's Bay providing complimentary identity theft protection services, which also features credit monitoring.

"Data breaches are expected to increase in 2018."

Even though most businesses today recognize the threat identity theft poses and have put in place security strategies, hackers are seemingly adjusting to the obstacles thrown in their way. Although it's not yet known what type of breach perpetrators used in this most recent incident, security experts believe ransomware attacks will proliferate in 2018 and beyond. Last year, ransomware cost those victimized $5 billion and in 2019, the financial toll is expected to reach $11 billion, according to Acronis.

Eric O'Neill, data security expert and former FBI counterterrorism and counterintelligence operative, said ransomware attackers don't discriminate.

"No business or person is safe," O'Neill warned. "An effective data protection strategy, which includes regularly backing up data and training employees, can go a long way in keeping your data out of the hands of cybercriminals."

While investigators aren't sure about the means by which the Saks Fifth Avenue breach was performed, they're pretty sure about who's behind it. The group is known as JokerStash Syndicate. Dmitry Chorine, chief technology officer at Gemini Advisory, told the WSJ that this entity was able to skirt past security and tapped into the luxury retailer's point of sales system. He added JokerStash – otherwise known as Fin 7 – has been involved in breaches before, though they were far smaller in scale.

Quarter million credit cards exposed
As for how many customers had their payment data outed, Gemini Advisory puts the preliminary total at 125,000 credit cards, The Wall Street Journal reported.

Easter weekend typically sees increased customer traffic for retail stores and chains and this past holiday was no different. Spending is projected to exceed $18 billion, which if reached would be a near all-time high, according to the National Retail Federation. Eighty percent of shoppers were forecast to spend $150 per person, mainly at discount and department stores.

"Customers are urged to check their accounts."

Saks Fifth Avenue has stores in 22 states
The Easter weekend breach remains an ongoing investigation. So far, Hudson's Bay says it believes the attack originated from one of its New York locations, The Associated Press reported, but it's also possible it came from a store in the Northeast. Saks Fifth Avenue has a presence in 22 states.

"We wanted to reach out to our customers quickly to assure them that they will not be liable for fraudulent charges that may result from this matter," the company said in an updated statement on April 2 at its website. "Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring."

It added customers should be sure to check their account statements and inform the appropriate credit card issuers immediately if they notice transactions conducted without their prior authorization.

911 Software specializes in processing solutions, providing secure POS systems since our founding in 1995. Contact us to learn more about installing the point of sale system you and your customers can trust.

Consumers have lots of credit cards to choose from, but many stick with one when buying.

Today's credit card processing software allows businesses to accept a wide variety of card types. However, with people being creatures of habit, million of Americans prefer to use the same one time after time, according to the results of a recent survey.

"More than 1 in 10 people haven't switched from their preferred credit card in 10 years or more."

An estimated 49 million Americans tend to go with the same credit card when paying for goods or services by credit, based on a new poll conducted by Additionally, of the nearly 1,700 adults who participated in the survey, 12 percent said they haven't switched cards in a decade or longer. That's the equivalent of 20 million people in the U.S. who haven't changed cards in 10 year or more.

Diversifying credit card use is best
There's nothing inherently wrong with going to the same credit card. But at the same time, credit diversification helps to strengthen credit scores, as the types of credit used is one of the factors credit agencies rely on to determine buyers' three-digit rating, according to Equifax. Other factors include payment history, the ratio between how much credit is used and what's available and account types.

It behooves businesses to accept more than one credit card type, as well, given that there are so many subscribers customers can choose from, not to mention the fact that many buyers do aim to switch up the frequency with which they purchase with one versus another.

More than 2 in 3 Americans pay by credit card 
Something that most Americans share in common is credit card utilization, viewing it as another way to buy when they're short on cash or shore up their credit scores. The third most common way Americans spend money is with credit cards, according to recent statistics available from Blackhawk Network. In 2016, nearly 70 percent of shoppers paid by credit card on one or more occasions, behind only cash and debit as more frequent payment types.

For more than 23 years, 911 Software has provided merchants with the superior, seamless, reliable card processing services that paying by credit is known for. We're a trusted payment solution firm, boasting tens of thousands of satisfied businesses since launching in 1995.

ATM cards were targeted at an unprecedented rate in 2017.

Card processors are everywhere, making paying by debit a breeze for customers with bank accounts. Recognizing the frequency with which this form of payment is used, fraudsters targeted debit cards last year, resulting in a sharp increase in reported breaches, according to newly released statistics.

In 2017, the number of compromised debit cards increased 10 percent, based on recent FICO analysis. Also, the compromised ATM and merchant device count rose 8 percent from 2016.

"3 in 4 consumers use debit cards to make payments."

TJ Horan, FICO vice president of fraud solutions, noted debit-related breaches have never been more prevalent than they are today.

"The number of compromises and the number of card members impacted set a new record last year," Horan explained in a press release. "While most devices are safe, fraudsters are developing new technology and methods for hacking ATMs."

Consumers these days have a variety of options to pay for goods and services, with debit being chief among them. Seventy-five percent paid with debit in 2016, the most recent year for which data is available, with 87 percent spending with cash, according to Blackhawk Network cash still the most common form, though not as prevalent as in yesteryear. In 2016, the most recent year for which data is available, 75 percent used debit on at least one occasion, according to Blackhawk Network. Eighty-seven percent spent with cash. 

Vigilance is paramount
In order to guard against being preyed upon, Horan advised consumers must be vigilant about their debit card use and should perform their due diligence by keeping tabs on their checking accounts to ensure that everything looks accurate. Unauthorized withdrawals should be flagged immediately and brought to banks, merchants or other financial institutions' attention.

It's no coincidence that as payment varieties have risen, financial security incidents have followed suit. Perpetrators today have a broader swath of payment vehicles to exploit, evidenced by fraud incidents reaching an all-time high in 2017. Indeed, 84 percent of executives acknowledge they, too, were impacted by fraud in 2017, according to analysis conducted by risk solutions provider Kroll. That's up from 82 percent in 2016.

Data-based fraud also affected everyday consumers at an unprecedented rate in 2017, not just through debit cards. There was an 8 percent increase in identity theft last year, according to calculations conducted by Javelin Strategy & Research, costing victims approximately $16.8 billion

Woman using ATM from her car. Drive-up ATMs can be difficult to guard against peering eyes.

Although the boom in payment vehicles gives scammers a larger pool of potential victims, consumers and business owners have more tools to keep themselves protected, Javelin Strategy & Research fraud and security expert Al Pascual noted. 

FICO offered consumers a few awareness strategies that can be helpful:

Contact card issuers immediately
Issuers aren't just there to facilitate a transaction; they're also available for customer assistance and assurance. If you lose your ATM card or have reason to believe it was compromised, inform the issuer about your suspicions and ask for a new card and number.

Get into the account checking habit
Online and mobile device tools have made due diligence a snap, but all too often, debit and credit card users fail to utilize them. Log on and take a peek at your account frequently to ensure there haven't been any unauthorized transactions.

Be cautious when withdrawing money from ATMs
ATMs get patronized regularly, many open and available 24 hours a day, seven days a week. Before withdrawing cash, ensure no one is peering over your shoulder or invading your personal space. Also, if an ATM looks old, outdated or unusual, steer clear and use one that your financial institution owns or may be affiliated with.

Your customers can protect themselves from the potential for fraud, but merchants can make the payment process more seamless and safe for their customers by investing in the proper card processing software. 911 Software, Inc. has the tools that can help thwart data theft.

Credit card and Social Security data were two of the information systems thieves exploited in 2017.

From credit card processing to mobile payment technology, consumers these days have a variety of ways in which to pay for products and services. At the same time, these eclectic purchase methods offer cybercriminals numerous opportunities to steal identities, and in 2017, the crime reached an all-time high, according to the results of a recent study.

Approximately 16.7 million Americans were victimized by fraudsters last year, based on newly released figures from Javelin Strategy & Research. That's the largest number of individuals affected by identity theft since 2003, when the San Francisco research and advisory firm first started recording the statistic.

"Identity theft incidents rose in 2017."

It's not as if business owners aren't aware of the threat posed to themselves and to their clientele. Companies have invested millions of dollars into mounting a successful defense against data hacking. However, those seeking to steal sensitive data are constantly refining their strategies in a bid to outmaneuver the obstacles that lie in their path. Unfortunately, they frequently succeeded in 2017, impacting 1.3 million more U.S. consumers last year than during 2016, the report found.

Al Pascual, Javelin senior vice president of research and point person for fraud and security, indicated that last year was a period that con artists will want to mimic in 2018.

"2017 was a runaway year for fraudsters, and with the amount of valid information they have on consumers, their attacks are just getting more complex," Pascual explained. "Fraudsters are growing more sophisticated in response to industry's efforts to implement better security."

Defenses used frequently insufficient
It may be that the cybersecurity steps business owners are taking aren't quite cutting it, even though they may seem sufficient at first blush. In a survey the Ponemon Institute conducted and IBM sponsored, nearly 8 in 10 organizations felt like the cyberdefensive strategies they'd implemented in the past year made them more resistant to being preyed upon by data thieves. Yet at the same time, more than three-quarters conceded they didn't have a formal cyber incident response program set up. Additionally, close to 50 percent said their cybersecurity plans were run-of-the-mill regular or so ad-hoc as to be tantamount to nothing. 

Ted Julian, IBM vice president of product management, said organizations' belief they're better off today than they were last year may stem from people they've hired who specialize in cybersecurity.

"Roughly 30% of data breaches in 2017 affected credit cards."

Social Security numbers in hackers' crosshairs
The ubiquity with which credit cards are used – in person and online – serves as fertile ground for cybercriminals to strike, which may explain why roughly a third of all consumer data breaches are credit card related, the report found. In 2017, however, more people had their Social Security numbers stolen than their credit cards, impacting 35 percent of respondents in the Javelin Strategy & Research analysis.

David Wagner, chief executive officer for email data protection and detection firm Zix, said hackers exploit any and every opening they can, whether it's directed at consumers or business entities.

"Companies need to re-evaluate and prioritize the security of data that is most critical to their success and growth, whether it be intellectual property they're storing in the network or confidential corporate information they're communicating in email," Wagner told Due, an online invoicing platform.

Wagner added that as important as reliable credit card processing software and other security technologies may be, it can't be the only method by which companies shore up their defenses.  Businesses must also more regularly and thoroughly review their "corporate governance structure," which when done on a more consistent basis, can provide clarity on what security strategies are working and which could use added reinforcement. As far as software is concerned, it's crucial to keep the mechanisms in place up to date, so push notifications informing users of security upgrades should be prioritized as soon as they make themselves known. 

The U.S. economy weathered quite the blow in 2016, as cybercrime resulted in billion-dollar losses.

Gross domestic product growth is robust and job creation is swift for the U.S. economy, an encouraging trend that has enabled both businesses and consumers to increase their earning power. But these successes weren't without some adversities along the way, much of it stemming from cybercrime, where companies – and by extension, the country's economy – were bilked out of their hard-earned money, a recent report reveals.

"Data security breaches may cost the economy upwards of $100 billion in 2016."

According to newly released figures from the Council of Economic Advisers, an arm of the White House, data security breaches cost the economy somewhere between $57 billion and $109 billion in 2016, Bloomberg reported. With companies accepting more forms of payment to improve convenience hackers have a greater number of avenues through which to steal identities and make off with sensitive data that businesses keep in their storage systems.

International cyberthreats significant
While most of the attacks come from within the U.S., cyberthreats are international, hatched from countries all over the world, including Iran, China, North Korea and Russia, the Council of Economic Advisers detailed in its report.

"These groups are well funded and often engage in sophisticated, targeted attacks," authors of the report wrote. "Nation-states are typically motivated by political, economic, technical, or military agendas, and they have a range of goals that vary at different times."

These attacks come in a variety of forms, the report went on to state, including ransom, where businesses are given an ultimatum: pay up or face the consequences. Those victimized may never get their data back – even if they do pay the ransom fee – or their computer systems may be infected with malicious software.

"The Cost of Malicious Cyber Activity to the U.S. Economy" report also defined the types of actors who participate in these attacks, among them so-called "hacktivists," which the CEA described as typically private individuals who are agenda driven, often politically.  

"Cyber threats are ever-evolving and may come from sophisticated adversaries," Bloomberg quoted from the CEA report. "Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate."

"Companies say they've hired more personnel to handle  data security."

77 percent admit they don't have a cybersecurity protocol
Some companies, however, may not be taking cybercrime as seriously as they ought to be, in effect believing they won't be compromised or simply failing to prioritize protection out of a false sense of security. More than three-quarters of businesses confess they lack a formal cybersecurity plan, according to a separate study conducted by the Ponemon Institute. Nevertheless, 7 in 10 are of the mind that they're in better position to fend off an attack than in 2017.

Ted Julian, vice president of product management at IBM Resilient, which sponsored the study, chalked up business owners' confidence to better staffing, hiring those who are trained to deal with hacks.

IT personnel represent only one part of the data security puzzle. 911 Software has the credit processing software that can more effectively shore up your company's defenses.

Oregon lawmakers are attempting to bring greater security and transparency to the credit card processing arena.

With credit card processing fraud increasingly prevalent – as well as other forms of identity theft – IT security experts and buyer-beware consumers are calling on the government to implement more defensive measures through which Americans can protect themselves when buying in store or online. Oregon appears on the cusp of making increased due diligence a reality.

On March 1, the Oregon House of Representatives overwhelmingly passed a bill that, if signed into law by Governor Kate Brown, would require merchants to inform customers of a successful cybersecurity attack within 45 days of its detection. Fifty-eight of the state's lawmakers voted in favor of Senate Bill 1551, with only one opposed.

Although increased scrutiny has been a brewing issue in Oregon for awhile now, SB 1551 got much of its verve after credit agency Equifax reported more than 145 million consumers' credit information had been compromised last year. Indeed, the nickname of SB 1551 is the Equifax bill.

Ellen Rosenblum, Oregon's attorney general, noted in written testimony that consumers in the Beaver State were particularly hard hit.

"1.7 million Oregonians were impacted by the Equifax data breach."

"Oregon fared no better – over 1.7 million of Oregonians' information was breached," Rosenblum stated, according to the East Oregonian. "As one cannot change their Social Security Numbers, this is a breach that will follow Oregonians for many years to come. Not only does the sheer size of the breach cause concern, but the Equifax story revealed many other failures and unfair practices."

The financial fallout from the cyber incident has resulted in class-action lawsuits against Equifax, filed on behalf of the thousands of Oregonians who were adversely affected, according to State Scoop.

"Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach," the text of a lawsuit filed in federal court charges. "Equifax could have and should have substantially increased the amount of money it spent to protect against cyber-attacks but chose not to."

Consumers can have credit frozen for free
Should SB 1551 be signed into law as currently constituted, in addition to the 45-day notice required of affected businesses, consumers would have the ability to have their credit identities frozen – and unfrozen – free of charge, according to the Statesman Journal.

Cyberattacks have become frighteningly frequent, especially for consumers who regularly use their debit and credit cards for payment processing. At least 1,579 breaches transpired nationwide last year, according to the Identity Theft Resource Center. That's a near 45 percent increase from 2016, a year which had held the all-time record.

Eva Velasquez, ITRC president and CEO, indicated that part of the notable rise stems from businesses being more forthcoming as to when they've been compromised.

"We've seen the number of identified breaches increase as a result of industries moving toward more transparency," Velasquez explained. "We want to encourage businesses and government entities to continue to provide timely reports to their respective Attorney Generals [sic] so consumers can be better informed on what are the immediate and long-term impacts to their personal information by any given data breach."

Stack of credit cards. Credit card data is one of the main sources thieves steal identities.

Eight states have credit freeze legislation in place
Oregon isn't the only state making cybersecurity more of a priority, and in the process, giving consumers and business impacted more outlets through which to address these issues when they present themselves. Indiana, Maine and the Carolinas have laws in place permitting residents to freeze their credit profiles at no charge, as noted by State Scoop. New Jersey, Maryland, New York and Colorado offer similar services but they may be required to pay a fee to have the freezes removed.

Paul Cosgrove, a representative for the Oregon Bankers Association, told the Statesman Journal the Equifax hack was an eye opener because it touched so many lives.

"We are all subject to clever and very smart hackers and we need to be especially watchful to make sure our systems stay one step ahead of them," Cosgrove warned.

While the credit reporting giant initially believed the attack affected 141 million consumer, it announced recently that new evidence suggests it was more pervasive, impacting an additional 2.4 million in the U.S. whose private data was compromised.

In a statement, Equifax interim CEO Paulino de Rego Barros Jr. said the company will do everything it can to protect consumers and inform them directly if their identities have been stolen. The most common data cybercriminals seek are Social Security numbers and credit card specifics. In 2017, more than half of the reported breaches affected victims' Social Security and 19 percent debit and credit cards, according to the ITRC.

The best offense against cyberattacks is through a good defense. Contact 911 Software to learn more about the credit card payment software that can help keep consumers' financial data safe and secure.

Data theft incidents are becoming more and more common.

Although business owners are adopting more strategies to outwit cyberattackers bent on stealing consumers' sensitive data – such as with credit card processing software – hackers are refining their tactics as well. The lengths to which they've gone were evidenced last year, as data theft incidents reached a regretful record.

There were approximately 1,579 data breaches in the U.S. during the 2017 calendar year, according to recently released figures computed by the Identity Theft Resource Center. Not only was that higher than the total recorded in 2016, but it far exceeded it, jumping 45 percent.

"The business sector felt the majority of data breaches in 2017."

No industry was affected at a more prevalent rate than business. Indeed, 55 percent of breaches impacted the business industry, according to ITRC, with medical and health care in a distant second at 24 percent and banking rounding out the top three (9 percent). Education and government accounted for 8 percent and 5 percent, respectively.

In the health care sphere, insufficient training appears to be exacerbating the cybersecurity issue, according to audit and advisory firm KPMG. Of the 154 health care and science leaders that took part in a recent poll led by KPMG, a slight majority said they weren't aware of what the protocol was for how to deal with these events.

"To borrow a phrase from the movie Cool Hand Luke, 'what we've got here is a failure to communicate,' and that certainly applies to health care organizations in their cyberattack protocols and response plans," warned KPMG cybersecurity expert Michael Ebert. "Health care IT leaders need to communicate more effectively and frequently about the tremendous risks and potential ramifications tied to cyber incidents, and that includes training."

8 in 10 businesses hit by breach worldwide
The latest statistics on cybersecurity follows a similarly worrisome report, which showed the vast majority of companies worldwide experienced at least an attempted breach in 2017. According to the Kroll Annual Global Fraud & Risk Report, 86 percent of executives were impacted by an incident associated with the illegal access of financial data, a 1 percent increase from 2016.

When Social Security data is exposed, it can present a host of issues that can be difficult to reverse for those affected. This may explain why this type of data was attackers' prime target in 2017, with 158 million of them uncovered, based on data from the ITRC. Around 20 percent of these incidents were obtained through debit and credit card processing.

Karen Barney, director of program support at the ITRC, indicated that identity theft most definitely falls under the crimes of opportunity banner, as there are numerous avenues through which consumers' sensitive data can be obtained.

"While a Social Security number continues to be the most valuable piece of information in the hands of a thief, even the exposure of emails, passwords or usernames can be problematic as this information often plays a role in hacking and phishing attacks," Barney explained, according to Information Security Media Group.

Computer keyboard with word "hack" on one of the keys.Hackers preyed upon businesses' vulnerabilities last year in record numbers.

60 percent of breaches hack-related
Hacking was the lead method of operation for cyber thieves, ISMG reported from the study. Around 60 percent of the successful attempts were hack-related, with phishing being the most common at 21 percent. Malware breaches were the second-most frequent at 12 percent, followed by credit card skimming (2 percent).

Eva Velasquez, president and CEO of ITRC, told Information Security Media Group that the best data breach reports are highly detailed, because they provide information on what strategies cyber thieves are using. Fortunately, more businesses are putting this knowledge into practice.

"We're seeing more transparency from companies, including the actual number of records impacted,"  Velasquez said.

So long as businesses are processing payments, cybertheft is not only possible, it's probable. Get in touch with 911 Software to learn more about implementing an effective and preventive point of sale system.

The Subcommittee on Financial Institutions and Consumer Credit held a meeting on Feb. 14 regarding how to counter cyberattacks.

As local and franchise businesses install top-of-the-line credit processing software, attempting to stay a few steps ahead of identity thieves, lawmakers in Washington are considering passing a bill that would create a national data breach notification system. The thrust of the program would be to create a centralized reporting warehouse consumers and businesses could go to for more information about the latest scam or virus making the rounds. The law would also mandate entities inform their customers about breaches promptly if ever compromised.

But before legislators give it serious consideration, the National Retail Federation is imploring them to leave no stone unturned.

"The NRF says a breach notification system must not leave any holes."

In a statement issued by the world's largest retail trade association, the NRF stressed that in today's day and age, in which cyberscams are rampant, lawmakers can't afford a Band-Aid approach to countering data attacks. In short, if a program is going to be passed, each and every industry needs to be held accountable, as customers have a right to know what's happening with their sensitive financial information.

"American consumers want to know if their data has been breached no matter where the breach occurs," stressed Paul Martino, vice president and senior policy counsel at the NRF. "No industry should be allowed to keep its data breaches secret."

30 states have considered legislation
Several states already have data breach notification laws in place, including Delaware, Maryland and just recently New Mexico, according to the National Conference of State Legislatures. Since 2017, nearly two-thirds of state governments have at least considered bills that deal with cybersecurity awareness. No overarching federal law exists as of yet, even though the NRF has long called for a uniform national data breach bill.

Cyber incidents are not only more damaging, they're proliferating, in part because more people and businesses have an online presence. Last year, a whopping 84 percent of companies experienced fraudulent activity that used the internet as a means of entry, according to Kroll.

Hearing on cybersecurity held Feb. 14
The frequency of these attacks is part of the reason why Congress appears to be taking the issue more seriously. Indeed, the Subcommittee on Financial Institutions and Consumer Credit recently convened on Capitol Hill, where discussions were had on how the public might best deter cyberwarfare.

"Every year, the number and severity of data breaches seems to increase, and more Americans seem to become victims of fraud and identity theft," warned Blaine Kuetkemeyer, chairman of the subcommittee. "Consumers are left not only facing financial harm but also the daunting task of restoring the integrity of their personal information."

The ideal strategy is prevention. For more than 20 years, 911 Software has provided trusted payment processing solutions to tens of thousands of merchants. We're constantly refining our systems to help merchants of all types remain vigilant in today's highly connected age.

Three-quarters of businesses in five countries are vulnerable to cyberattacks, a new report suggests.

With the U.S. being the largest economy in the world and boasting the broadest base of regular internet users, reported security breaches among businesses get a lot of attention in the news media. These happen despite more companies going to greater lengths to secure the privacy of sensitive data.

But U.S.-based businesses are the only ones increasingly in hackers' crosshairs, and organizations may need to do more to shore up their defenses, a new report suggests.

"73% of businesses would be unable to weather a cyberattack"."

Almost 75 percent of businesses in five countries – the U.K. Germany, Spain, U.S. and the Netherlands – have insufficient cybersecurity protections in place, according to a recent report from Hiscox, a specialty insurance firm.

The report came to this conclusion through several stress tests, designed to gauge just how ready the 4,100 organizations polled were to handle cyberthreats on a real-time basis, both in terms of strategy as well as execution.

Two-thirds impacted by multiple cyberattacks in last year
Not only did the businesses' attempts at defense fail to pass muster, but a substantial percentage had already experienced a breach. Indeed, 45 percent were victimized by at least one attack in the previous year and 66 percent of those dealt with two or more, the report found. 

Gareth Wharton, cyber CEO at Hiscox, indicated 2017, in many ways, was the year of the hack.

"If anyone still harbored doubts about the severity of the threat, the events of the past year should have dispelled them," Wharton wrote in the report. " From the WannaCry ransomware attack to the hacking of one of the world's largest credit agencies, 2017 produced numerous reminders that operating in a connected world has fearsome perils."

This past September, credit agency Equifax disclosed that an estimated 145 million consumers' financial data had been impacted by a breach, including consumers' Social Security numbers, home addresses and driver's license information. However, as The Wall Street Journal and Associated Press reported, additional information may have been compromised, such as email addresses and income tax documents. 

Financial fallout averages $229,000
Aside from the public relations toll cyberattacks can have on organizations, they pale in comparison to the financial impact. The average incident costs upwards of $229,000, the Hiscox report determined, but that's a ballpark estimate, as company size can result in financial damages in the millions of dollars. For instance, the average cost for U.S.-based companies with 100 employees or more was $1 million, but averaged $24,000 for small-business owners in Spain.

"87% of businesses in Canada have experienced at least one cyberattack."

Businesses in Canada – both large and small – aren't immune to cyberthreats either, as attacks there are proliferating. In the typical year, around 450 breaches impact entrepreneurs, based on a new report from IDC Canada. While these attacks aren't always successful, at least one was for nearly 90 percent of Canadian companies.

"As cybersecurity breaches become the new normal, organizations can't be complacent," warned Theo Van Wyk, chief security architect at Scalar Decisions, which commissioned the analysis. He further noted companies are experiencing attacks, despite having full-time security staff.

IT personnel may not be financially feasible for small-business owners, due to limited resources. The Hiscox study revealed that for organizations with 250 employees or fewer, around 10 percent of their operating budgets go toward cybersecurity, well below the 12.2 percent large companies devote to defenses, like up-to-date payment processing software.

Cyberattacks are a clear and present danger for businesses, particularly those that accept a variety of payment denominations. The experienced engineers at 911 Software have the point of sales systems that are optimized for privacy, without compromising convenience.

Hackers created  data catastrophes for a majority of businesses last year, according to a new report.

Last year will certainly go down as one of the more memorable periods for problems plaguing business owners. Wildfires, floods, tornadoes and damaging hurricanes tore a path of destruction that had many wishing they'd better prepared. But Mother Nature wasn't the only threat that was seemingly unrelenting. The ominous clouds of cybercrime left business owners with a real mess on their hands.

In 2017, nearly 85 percent of business owners – including small, midsized and large – were impacted by some variety of cyberwarfare, according to newly released statistics from risk solutions firm Kroll. That's up from 82 percent in the 2016 annual poll and 61 percent in 2012. In fact, cyber incidents have risen on an annual basis for five consecutive years.

"Data theft was the most common cyberattack last year for businesses."

From phishing to ransomware, cyber scams come in many forms and varieties, with some more devastating and hard to reverse than others. In 2017, data theft was the most prevalent type, the report found. Nearly 30 percent of managers surveyed acknowledged they were affected by stolen information, a 5 percent uptick from 2016. The second most common was theft of physical assets, like stocks or bonds.

Jason Smolanoff, Kroll senior managing director and global security practice leader, indicated that as the document and payment processing world leans further into the paperless camp, hackers have more opportunities to wreak havoc and cause panic.

"In a digitized world with growing levels of data creation, collection, and reliance for businesses, information assets have become increasingly valuable and exposed to threats," Smolanoff explained. "Exacerbating the challenge of safeguarding data is that criminals and other threat actors are continually developing new ways to monetize confidential information, including personal data."

States fighting back
Business owners aren't taking these attempted incursions lying down, however. In addition to securing high-quality internet security protection they're also obtaining state-of-the-art credit card processing software, which better protects consumers' sensitive data from being illegally accessed. Several states are getting in on the counteroffensive. For instance, in the Commonwealth of Massachusetts, the Attorney General's office just recently announced the creation of a data breach reporting portal. Area firms and organizations are urged to provide an account of what happened promptly should they be impacted by a successful or attempted breach.

In Florida, in partnership and consultation with research and advisory company Gartner, the Florida Center for Cybersecurity newly released a report detailing to what degree local businesses are protecting themselves and the personal data they have on file from customers.

Sri Sridharan, director of the Florida Center for Cybersecurity, said the analysis is meant to supply the Sunshine State's officials with an update on how resilient businesses are to the effects of cyber incidents.

"Good decisions come from good information," Sridharan explained. "For this report, Gartner looked at many aspects of cybersecurity – from education, workforce demand, and economic factors to technical issues such as incident response capability.

He added that given the ubiquity of data theft, consumers, educational facilities and business entities can't afford to be reactive; they must be proactive.

"Attacks are costing businesses more to recover from."

Incidents cost businesses 7 percent of annual revenues
Some who may be taking cybersecurity too cavalierly are paying a costly price. In 2017, cyberattacks caused businesses economic losses averaging between 5 percent and 10 percent of revenues, the Kroll annual fraud and risk report found. That's up from a 3 percent average overall in 2016.

Being victimized by a cyberattack can unspool a thread of challenges and liabilities that can be next to impossible to control once hackers find an opening. Credit card payment software from 911 Software can help you stay one step ahead. Learn more about our products, processors and services at the top of our homepage.

Massachusetts has a new online portal for residents and business owners to report data security attacks.

If Massachusetts-based businesses encounter a security breach, in which their in-store payment processing software is hacked or are victimized via e-commerce channels – they now have a local outlet through which to report such a crime.

The Bay State now has a Data Breach Reporting Online Portal, the Office of the Massachusetts Attorney General recently announced. By dialing up the website – located at – affected companies can provide details on the nature of the security breach, how many people were affected and what, if any, steps were implemented to stop the attack or make the appropriate parties aware of what happened.

Maura Healey, Massachusetts' attorney general, indicated both business owners and consumers in the Bay State ought to have every resource available to them to stop these vicious attacks that can prove ruinous to individuals' credit and business owners' public persona.

"Data breaches are damaging, costly and put Massachusetts residents at risk of identity theft and financial fraud," Healey warned in a press release. "So it's vital that businesses come forward quickly after a breach to inform consumers and law enforcement.

Time is of the essence when financial accounts are attacked, Healey added, which is why the newly installed data breach reporting portal is a vital tool of which business owners should make full use.

Even though identity theft awareness has improved, hackers are constantly refining their strategies, aiming to exploit vulnerabilities that either customers or organizations neglected to address. Attacks come in a variety of forms, with some varieties being more ubiquitous than others. For instance, in 2017, ransomware incursions jumped 93 percent from the previous year, according to estimates from software solutions firm Malwarebytes. They rose 90 percent among businesses.

90 percent increase in ransomware attacks for businesses
Ransomware attacks have been around for awhile – tracing back to the late 1980s – but they've grown in popularity along with online access, creating outlets through which hackers can strike. They're done by tricking online users into clicking on a link that looks benign, but in reality installs software that effectively hijacks the system. Only the attacker knows how to free the data and demand payment for the information stolen to be released. Even after paying the ransom, though, there's no guarantee the stolen data will be released or fully recovered.

Breaches are equal opportunity offenders, impacting ordinary citizens, consumers and business places of various sizes. In Massachusetts, at least 21,000 instances of data being compromised were reported to the attorney general's office. More than 3,800 transpired in 2017, which wound up adversely impacting in excess of 3 million residents throughout the state.  

Keep customers in the loop
The National Cybersecurity Alliance advises business owners to make every effort in ensuring their customers know how their financial information is stored so individuals can take the appropriate precautions. For instance, instead of using debit cards for payment – which may be more vulnerable to a breach than other payment methods – credit cards can be a safer alternative, data security experts advise.

To learn more about implementing credit processing software that guards against security leakages, contact us at 911 Software online or by calling directly. 

Cybersecurity breaches will take on many forms in 2018, but one to especially be watchful of is ransomware.

It may be a new year, but cybercriminals are expected to reach into their same old bag of tricks in 2018 to steal sensitive data. However, certain types of subterfuge are poised to become more common, with ransomware attacks chief among them.

According to MIT Technology Review – as well as several other hi-tech information and awareness websites – ransomware incursions will likely proliferate in 2018, affecting both small businesses as well as large organizations.

Appropriately titled, ransomware is a particularly pernicious variety of attack that wrests control of computer systems from users. Though there are several ways in which ransomware plots are carried out, they're usually done through deception by tricking users into believing they're downloading a benign file that is actually malicious software, effectively hijacking the system and decrypting it. The only way for users to regain control is by paying the ransom the originator of the attack demands.

In addition to MIT Technology Review warning about the potential for ransomware attacks to intensify, eWeek issued a similar advisory.

"Ransomware will continue to plague organizations with 'old' attacks refreshed and reused," warned Andrew Avanessian, chief operating officer at Avecto, a Massachusetts-based software management and security firm. "The threat of ransomware will continue into 2018."

"More than 250,000 computers were affected by the WannaCry virus."

Avanessian referenced that perhaps the best examples of ransomware's impact in 2017 were the WannaCry and NotPetya viruses, which targeted Microsoft Windows operating systems through the use of a cryptoworm. All told, more than a quarter-million computers in 150 countries were adversely affected by the contagion, with economic damages in the billions.

Over 1 in 4 ransomware events struck businesses in 2017
Although ransomware doesn't discriminate – everyone has the potential to be exploited – business owners are increasingly the main targets. Last year, for example, more than a quarter of ransomware attacks – 26.2 percent – impacted companies, according to Kaspersky Lab. That's up from 22.6 percent in 2016. What's more, nearly two-thirds of ransomware victims lost a "significant" amount of data, with 1 in 6 never regaining the information stolen, despite their paying the ransom.  

"Ransomware attacks will continue to grow at double-digit rates," Gartner analyst Avivah Litan told Security Boulevard. "I think we'll continue to see the growth of mass ransomware attacks against corporations and large institutions rather than small victims."

Illustration of ransomware in binary code. Ransomware attacks aren't expected to slow down in 2018.

Many small businesses forced to closed after attacks
But this is hardly an indication everyday consumers and small-business owners are in the free and clear, because if they're attacked, the fallout can be devastating. Of the 33 percent of small and medium-sized businesses that went through a ransomware attack last year, approximately 22 percent folded, based on survey estimates performed by Osterman Research on behalf of Malwarebytes.

"Businesses of all sizes are increasingly at risk for ransomware attacks," advised Marcin Kleczynski, Malwarebytes CEO. "However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise."

Despite ransomware and other viruses making the rounds, many Americans remain unaware about how they can protect themselves on the internet. Only 20 percent of respondents in a Pew Research Center study correctly answered 8 out of 13 questions that quizzed participants on their cybersecurity acumen. And just 1 percent finished the test error-free.

Cloud 9 has the resources businesses can use to identify and defend potential vulnerabilities and keep their payment processing software secure. Contact us to learn more.

The world's first wallet card, a single credit card-sized device capable of holding multiple payment accounts, was recently announced at the Consumer Electronics Association's CES 2018 awards by Visa and Dynamics.

Visa and international payment card producer Dynamics recently revealed their wallet card at the Consumer Electronics Association's CES 2018 awards.

According to a Visa press release, their version of the card identical in size and shape to a traditional card but has the ability to host multiple cards accessible through an on-card digital screen. The card also features EMV, magnetic strip and contactless payment technologies, meaning it's accepted by nearly any retailer.

"There is still much that can be done to update the card-based experience, which continues to be the primary form factor used globally to complete digital payments transactions," said Mark Nelsen, senior vice president of risk and authentication products at Visa, in the company press release. "We're excited about the many unique benefits that the Visa Wallet Card can offer to both financial institutions and cardholders, alike."

Wallet card's capabilities and functionalities

"The wallet card can work for some as an alternative to mobile wallets."

The card has over 200 internal components and is hailed as the first payment device of its kind that incorporates the Internet of Things, according to a Dynamics press release.

Here are some of its most significant technological features:

  • An internal cellphone chip and antenna allow quick and seamless data transfer between the bank and the cardholder anywhere in the world.
  • A 65,000-pixel display used to cycle through payment cards and information screens.
  • Programmable EMV chip, magnetic strip and contactless chip that can change based on the particular card profile selected. It can host debit, credit, prepaid, multicurrency, one-time use and loyalty cards.
  • A organic battery that recharges itself through use and requires no additional activity from the cardholder.

Key wallet card benefits

The wallet card helps improve consumer security and prevent fraud through rapid data response and card replacement. If information for one card is compromised, the bank can immediately delete it's information from the card device and issue a new account number.

The on-card screen can also receive messages at any time. Users can request that transaction notifications be sent to the card or updates on their remaining account balances. If a suspicious charge is found, the bank will send a notice to the card where the owner can report any activity they see as fraudulent.

Business Insider said the wallet card can work for some as an alternative to mobile wallets. Many consumers are not yet convinced of the security benefits of mobile wallet use and this device can function as a more familiar, physical version of that technology.

The diversity of the wallet card's payment systems makes it capable of being used at virtually any card processing terminal and merchants should prepare for its potential presence in the market with the use of efficient credit card payment processors.

To learn more about implementing effective credit processing software, get in touch with 911 Software today.

There are a number of trends and changes affecting the payment industry in 2018 that retailers should be aware of.

As the technology behind how payments are conducted changes with the progression of time, so too does the nature of payments themselves.

Trends can quickly come and go as consumer tastes and best practices evolve. To stay ahead of the curve, retailers and payment providers should stay informed on the direction the industry may head in. Here are some things companies in the payments market should be aware of in 2018.

Greater customer agency in managing payment forms

"EMV tokenization is expected to become more universal."

In today's world of payments, consumers expect their checkout experiences to be as safe as they are seamless. They demand that all their devices and any forms of payment on them have air-tight security.

As a result, Mastercard announced a plan to release application programming interfaces for card issuers that allows users to view all their payment cards across their devices in a single place, according to Forbes.

"Today's consumers are smarter and have higher expectations than ever before," said Kiki Del Valle, senior vice-president of commerce for Mastercard, to Forbes. "We are providing the consumers with the tools they need in the Internet of Things era."

Allowing consumers to manage all their methods of payment can give them more power over their finances and opportunities to stop suspicious activity.

Data security boosts via tokenization

Mobile Payments Today reported that the numerous data breaches throughout 2017 led many in the industry to assume consumer data is generally not safe.

A solution could come via EMV payment tokenization. This security process, which adds a layer of anonymity to retail interactions and can restrict token usage to specific devices, transaction types or merchants, is widely used for purchases involving near field communication. The system can fight fraud by allowing threats to be isolated in real time based on where malicious activity occurs.

EMV tokenization is poised to become more universal because of its security benefits across merchants and card issuers. The systems managing its use will grow more complex and specialized token service providers will prove to be pivotal in simplifying the technique for retailers and consumers.

Rewards for purchases

A report from Accenture noted consumers received $15 billion worth of card payment rewards, like travel miles and cash back, in 2016. Card holders aim to receive even more perks in the future.

Accenture's research found that 48 percent of shoppers would switch their primary rewards card for another if given the opportunity to earn more rewards with each purchase. Another 67 percent said they wanted to redeem their rewards at the point of sale when swiping their cards.

Retailers can stay ahead of the curve in 2018 with effective, secure and up-to-date card processing infrastructures.

To learn more about implementing effective credit processing software, get in touch with 911 Software today.

Restaurants in the fast-casual style of dining are increasingly implementing self-service kiosks for customers to use.

A new service trend is hitting the restaurant industry in the form of self-ordering kiosks – large, screen-based digital interfaces that allow customers to order and pay for their meals without assistance from traditional servers. Software review site Software Advice conducted a study and found that 85 percent of the U.S. consumers surveyed were familiar with self-service kiosks.

Chris Ciabarra, co-founder and chief technology officer at self-service company Revel Systems is confident that this technology will become increasingly popular in America.

"I see rapid [self-service] kiosk adoption across multiple verticals," Ciabarra told Software Advice. "They're already a standard in Asia and Europe, and this will be a natural progression to consumer behavior in the U.S."

The devices usually incorporate EMV-friendly pos card processing hardware and software, as well as options for alternative payment methods like digital wallets, Apple Pay and Android Pay. However, restaurants incorporating self-ordering kiosks in their business model could potentially into compatibility issues between the POS system of the kiosk and that of the restaurant as a whole.

Disharmony a possibility for self-service kiosk integration

"Most POS system providers do not yet make functionalities for self-service kiosks."

Retail payment news site Point of Sale noted that successful implementation of self-service stations requires restaurants to attempt to unify their POS structures. Ideally, the sales data collected by the kiosks should be accepted by the restaurant's existing POS provider and visible alongside all other sales data. That information should also have the ability to be viewed separately from the other POS terminals to examine individual kiosk sales.

A potential problem arises due to the fact that most POS system providers do not yet make functionalities for self-service kiosks. Kiosk manufacturers generally provide their own processing software and with an abundance of providers, this could create problems for kiosk-makers and the restaurants that hope to use their products.

Businesses hoping to integrate these self-ordering services must first research their compatibility options before making any investments into the technology.

Popularity of technology is growing

Even amid unification concerns, restaurants are still adopting the self-ordering kiosks, particularly those in the quick service and fast-casual style eatery industries. Last year Fortune Magazine reported  fast-food titan McDonald's announced it planned to install kiosks at 14,000 of its U.S. locations, including some in Chicago, Washington D.C. and Seattle. At the time, kiosks were already being used at 500 locations in New York, Florida and southern California.

The Software Advice study found 50 percent of participants preferred ordering and paying themselves over being assisted by a server. This could be due to growing security concerns in letting a server walk away with cards to process payments, during which time the card information could be stolen.

To learn more about implementing effective credit processing software, get in touch with 911 Software today.

Restaurant chain Sonic Drive-In is the latest victim to a cyberattack, with potentially millions of customer credit and debit cards being sold in online black markets.

National chain restaurant Sonic Drive-In was recently the victim of a cyberattack that resulted in the potential theft of millions of stolen debit and credit card accounts from the company's POS card processing terminals.

The breach was initially investigated by Brian Krebs, former investigative reporter for the Washington Post and owner of cybersecurity news site Krebs On Security, which broke the story on Sept. 17.

According to his report, multiple financial institutions told Krebs about multiple financial institutions that a pattern of fraudulent transactions stemming from cards used at some of the 3,500 nationwide Sonic Drive-In locations. Upon further investigation, he found that many cards previously used at the restaurant appeared on the site Joker's Stash, a black market hub that allows criminals to buy card information stolen from unsuspecting consumers. The swiped data can then be copied onto blank cards and used freely and fraudulently.

The stolen accounts were categorized by their geographic locations. Offenders could then purchase cards stolen from people that lived near them to avoid an anti-fraud provision which flags or blocks suspicious transactions occurring in locations distant from the card holder's address.

Point of sale processors targeted for customer account information

"Hackers targeted the restaurant's payment processors by remotely spamming terminals."

Krebs notified the company of his findings and a representative provided him with a statement.

The statement noted that during the week prior, the company's credit card processor informed them of suspicious activity occurring with credit cards used to make purchases at the restaurant. Law enforcement and a third-party forensics team was then contacted following the news. During these investigations, policing agencies limited the amount of information the company was able to disclose, but it said it would provide details when they were able. 

Sonic then released public statement on Oct. 4 officially acknowledging the data breach. The announcement said the company was still working with authorities and offered free fraud protection to affected customers, but had no additional information on which stores were affected and how many cards were compromised.

Hackers targeted the restaurant's payment processors by remotely spamming terminals with malware, which copied customer account data stored on a card's magnetic strip. According to Nation's Restaurant News, the company recently installed new POS processing systems at 77 percent of its locations. The updated technology was meant to reduce costs and replace the previous Micros Oracle platform, which was over 30 years old. It is still unclear whether the data theft occurred through the new processing units or ones the company has yet to replace.

It's important that companies have the most up-to-date payment processing software available to reduce the chances of falling prey to attacks by malicious hackers. The more secure a payment system is, the more secure customer and company data is.

To learn more about implementing effective credit processing software, get in touch with 911 Software today.

Implementation of contactless EMV payments has been slow in the United States, but that could change in the next few years.

Change can be a difficult thing to facilitate and accept for some. For Americans in particular, replacing the tried and true magnetic strip cards with the more complex and unknown technology of EMV has been a sluggish, ongoing process compared to some other countries.

Adoption rates in the U.S. have increased vastly over recent years, but consumers were slow to initially accept the shift.

In the case of implementing contactless EMV payments technology a half-measure more advanced than standard EMV transactions, consumers are even more reluctant to adjust. 

But recent reports show that there could be large uptick in consumers and businesses employing contactless payments.

More hardware activation and card distribution on the horizon

Apple Pay, Android Pay, iWallet, and Samsung Pay have grown increasingly prevalent in the public consciousness and have paved the way for more widespread use of contactless payments.  According to Javelin, a research firm specializing in consumer transactions, payments spurred by those companies has led to EMV terminal manufacturers automatically adding contactless payment hardware into their machines for free.

"In the next wave of [EMV] card issuance, Javelin believes the speed and convenience offered by contactless EMV cards could be instrumental in gaining top-of-wallet status, as well as attracting and retaining more affluent customers," said Michael Moeser, Javelin's director of payments, retail and small business, in a company press release.

Even with the hardware already in place, that does not automatically mean businesses will immediately begin accepting contactless payments. The hardware has to be activated and as of 2015, only 21 percent of all U.S. establishments enabled that functionality. But Javelin estimated that by 2019, over one third of businesses in the country will welcome contactless payments.

According to, technology analysis and research company ABI Research stated 25.7 million contactless cards were shipped in 2016. That number is expected to rise to just below 230 million by 2021.

Phil Sealy, a senior analyst at ABI Research, told that cards typically have a three-year life span and since EMV cards were issued in 2014, many will need to be replaced in 2017 and the new cards will feature contactless chips.

Although the new cards will allow consumers to use contactless payments at the increasing number of businesses that will take them, there is no guarantee that that will indeed occur, at least right away. However, just as EMV technology took time for its influence to spread, so too will the public need more opportunities to adapt to the usage of contactless payments.

To learn more about implementing effective credit processing software, get in touch with 911 Software today.