Atlanta's servers were struck by a crippling ransomware attack in March.

Cybersecurity isn't an issue confined to consumers or business owners. In one fell swoop, entire cities can be crippled electronically by unsuspecting online users clicking on something they shouldn't.

This is precisely what Atlanta is experiencing after a devastating ransomware attack that has resulted in headaches and hassle for hordes of people.

"The SamSam virus hit Atlanta on March 22."

As reported by multiple sources, city services were stymied on March 22 when a ransomware strain – dubbed SamSam – hit Atlanta's servers. Numerous public officials were locked out of their laptops and handheld devices. Even run-of-the-mill services – like parking meters – were rendered effectively useless. Financial documents for government workers were also hit, preventing some individuals from accessing them.

"Everything on my hard drive is gone," Amanda Noble, Atlanta city auditor, told Reuters.

Noble noted she knew something was wrong right away when she showed up for work March 22, only to discover upon launching her personal computer that it had been hacked.

How ransomware works
While there are many strategies cybercriminals use to gain access to private data, ransomware is increasingly popular because of its reach and capacity to cause maximum harm. A type of malware, ransomware produces a screen or image when a computer or server is hit, with verbiage telling the user their software has been compromised and their data encrypted. The only way they can get it back is by paying a dollar amount that the hacker establishes. Security experts note while the monetary demands can be substantial, they're usually not astronomic, as their end game is victims actually coming up with the money. However, even if those affected have the means, there's no guarantee hackers will release the data once payment is made.

"It's extraordinarily frustrating," Atlanta councilman Howard Shook told Reuters. Shook noted the SamSam worm led to the losses of 16 years' worth of digital data.

While businesses and consumers have been the main targets, cities and towns are increasingly in hackers' crosshairs. Last year, Yarrow Point, Washington was hit with a ransomware strain. As noted by, the mayor wound up paying to get the stolen data back, to the tune of $10,000. Purveyors of the SamSam virus demanded $51,000, according to The New York Times.

"Ransomware attacks rose sharply in 2017."

6 in 10 say they've never heard of ransomware
Although ransomware attacks are increasingly prevalent, they're not something that many people have heard about. In a survey conducted by Acronis, 60 percent were not familiar with the term, despite its fallout expected to lead to $11 billion in worldwide losses in 2019. Additionally, forms of ransomware, or variants, rose 46 percent in 2017.

"When it comes to a ransomware attack, prevention is the most effective defense," warned Eric O'Neill, counterintelligence operative who used to work for the FBI. "No business or person is safe. An effective data protection strategy, which includes regularly backing up data and training employees, can go a long way in keeping your data out of the hands of cybercriminals."

Ransomware is an equal opportunity offender, immobilizing servers, mobile devices and even credit card payment processors. 911 Software has the services you need to keep your business – and your customers' financial data – protected.

Saks Fifth Avenue says its systems were compromised during the Easter weekend holiday.

Dozens of retailers have been affected by cybercrime over the past decade or so, some on multiple occasions. Luxury brand Saks Fifth Avenue is the latest to fall victim to the pervasive threat, the hacker exposing sensitive data conducted via credit card processing.

Hudson's Bay, which owns both Saks Fifth Avenue and Lord & Taylor, confirmed the security breach took place the final weekend of March, The Wall Street Journal reported, one of the busier periods on the sales calendar given the Easter holiday.

"We have identified the issue, and have taken steps to contain it," the company's spokesman stated, as reported by the newspaper. He went on to mention that the proper authorities have been informed of the breach and the company is doing everything it can to assure customers' protection. This includes Hudson's Bay providing complimentary identity theft protection services, which also features credit monitoring.

"Data breaches are expected to increase in 2018."

Even though most businesses today recognize the threat identity theft poses and have put in place security strategies, hackers are seemingly adjusting to the obstacles thrown in their way. Although it's not yet known what type of breach perpetrators used in this most recent incident, security experts believe ransomware attacks will proliferate in 2018 and beyond. Last year, ransomware cost those victimized $5 billion and in 2019, the financial toll is expected to reach $11 billion, according to Acronis.

Eric O'Neill, data security expert and former FBI counterterrorism and counterintelligence operative, said ransomware attackers don't discriminate.

"No business or person is safe," O'Neill warned. "An effective data protection strategy, which includes regularly backing up data and training employees, can go a long way in keeping your data out of the hands of cybercriminals."

While investigators aren't sure about the means by which the Saks Fifth Avenue breach was performed, they're pretty sure about who's behind it. The group is known as JokerStash Syndicate. Dmitry Chorine, chief technology officer at Gemini Advisory, told the WSJ that this entity was able to skirt past security and tapped into the luxury retailer's point of sales system. He added JokerStash – otherwise known as Fin 7 – has been involved in breaches before, though they were far smaller in scale.

Quarter million credit cards exposed
As for how many customers had their payment data outed, Gemini Advisory puts the preliminary total at 125,000 credit cards, The Wall Street Journal reported.

Easter weekend typically sees increased customer traffic for retail stores and chains and this past holiday was no different. Spending is projected to exceed $18 billion, which if reached would be a near all-time high, according to the National Retail Federation. Eighty percent of shoppers were forecast to spend $150 per person, mainly at discount and department stores.

"Customers are urged to check their accounts."

Saks Fifth Avenue has stores in 22 states
The Easter weekend breach remains an ongoing investigation. So far, Hudson's Bay says it believes the attack originated from one of its New York locations, The Associated Press reported, but it's also possible it came from a store in the Northeast. Saks Fifth Avenue has a presence in 22 states.

"We wanted to reach out to our customers quickly to assure them that they will not be liable for fraudulent charges that may result from this matter," the company said in an updated statement on April 2 at its website. "Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring."

It added customers should be sure to check their account statements and inform the appropriate credit card issuers immediately if they notice transactions conducted without their prior authorization.

911 Software specializes in processing solutions, providing secure POS systems since our founding in 1995. Contact us to learn more about installing the point of sale system you and your customers can trust.

Consumers have lots of credit cards to choose from, but many stick with one when buying.

Today's credit card processing software allows businesses to accept a wide variety of card types. However, with people being creatures of habit, million of Americans prefer to use the same one time after time, according to the results of a recent survey.

"More than 1 in 10 people haven't switched from their preferred credit card in 10 years or more."

An estimated 49 million Americans tend to go with the same credit card when paying for goods or services by credit, based on a new poll conducted by Additionally, of the nearly 1,700 adults who participated in the survey, 12 percent said they haven't switched cards in a decade or longer. That's the equivalent of 20 million people in the U.S. who haven't changed cards in 10 year or more.

Diversifying credit card use is best
There's nothing inherently wrong with going to the same credit card. But at the same time, credit diversification helps to strengthen credit scores, as the types of credit used is one of the factors credit agencies rely on to determine buyers' three-digit rating, according to Equifax. Other factors include payment history, the ratio between how much credit is used and what's available and account types.

It behooves businesses to accept more than one credit card type, as well, given that there are so many subscribers customers can choose from, not to mention the fact that many buyers do aim to switch up the frequency with which they purchase with one versus another.

More than 2 in 3 Americans pay by credit card 
Something that most Americans share in common is credit card utilization, viewing it as another way to buy when they're short on cash or shore up their credit scores. The third most common way Americans spend money is with credit cards, according to recent statistics available from Blackhawk Network. In 2016, nearly 70 percent of shoppers paid by credit card on one or more occasions, behind only cash and debit as more frequent payment types.

For more than 23 years, 911 Software has provided merchants with the superior, seamless, reliable card processing services that paying by credit is known for. We're a trusted payment solution firm, boasting tens of thousands of satisfied businesses since launching in 1995.

ATM cards were targeted at an unprecedented rate in 2017.

Card processors are everywhere, making paying by debit a breeze for customers with bank accounts. Recognizing the frequency with which this form of payment is used, fraudsters targeted debit cards last year, resulting in a sharp increase in reported breaches, according to newly released statistics.

In 2017, the number of compromised debit cards increased 10 percent, based on recent FICO analysis. Also, the compromised ATM and merchant device count rose 8 percent from 2016.

"3 in 4 consumers use debit cards to make payments."

TJ Horan, FICO vice president of fraud solutions, noted debit-related breaches have never been more prevalent than they are today.

"The number of compromises and the number of card members impacted set a new record last year," Horan explained in a press release. "While most devices are safe, fraudsters are developing new technology and methods for hacking ATMs."

Consumers these days have a variety of options to pay for goods and services, with debit being chief among them. Seventy-five percent paid with debit in 2016, the most recent year for which data is available, with 87 percent spending with cash, according to Blackhawk Network cash still the most common form, though not as prevalent as in yesteryear. In 2016, the most recent year for which data is available, 75 percent used debit on at least one occasion, according to Blackhawk Network. Eighty-seven percent spent with cash. 

Vigilance is paramount
In order to guard against being preyed upon, Horan advised consumers must be vigilant about their debit card use and should perform their due diligence by keeping tabs on their checking accounts to ensure that everything looks accurate. Unauthorized withdrawals should be flagged immediately and brought to banks, merchants or other financial institutions' attention.

It's no coincidence that as payment varieties have risen, financial security incidents have followed suit. Perpetrators today have a broader swath of payment vehicles to exploit, evidenced by fraud incidents reaching an all-time high in 2017. Indeed, 84 percent of executives acknowledge they, too, were impacted by fraud in 2017, according to analysis conducted by risk solutions provider Kroll. That's up from 82 percent in 2016.

Data-based fraud also affected everyday consumers at an unprecedented rate in 2017, not just through debit cards. There was an 8 percent increase in identity theft last year, according to calculations conducted by Javelin Strategy & Research, costing victims approximately $16.8 billion

Woman using ATM from her car. Drive-up ATMs can be difficult to guard against peering eyes.

Although the boom in payment vehicles gives scammers a larger pool of potential victims, consumers and business owners have more tools to keep themselves protected, Javelin Strategy & Research fraud and security expert Al Pascual noted. 

FICO offered consumers a few awareness strategies that can be helpful:

Contact card issuers immediately
Issuers aren't just there to facilitate a transaction; they're also available for customer assistance and assurance. If you lose your ATM card or have reason to believe it was compromised, inform the issuer about your suspicions and ask for a new card and number.

Get into the account checking habit
Online and mobile device tools have made due diligence a snap, but all too often, debit and credit card users fail to utilize them. Log on and take a peek at your account frequently to ensure there haven't been any unauthorized transactions.

Be cautious when withdrawing money from ATMs
ATMs get patronized regularly, many open and available 24 hours a day, seven days a week. Before withdrawing cash, ensure no one is peering over your shoulder or invading your personal space. Also, if an ATM looks old, outdated or unusual, steer clear and use one that your financial institution owns or may be affiliated with.

Your customers can protect themselves from the potential for fraud, but merchants can make the payment process more seamless and safe for their customers by investing in the proper card processing software. 911 Software, Inc. has the tools that can help thwart data theft.

Credit card and Social Security data were two of the information systems thieves exploited in 2017.

From credit card processing to mobile payment technology, consumers these days have a variety of ways in which to pay for products and services. At the same time, these eclectic purchase methods offer cybercriminals numerous opportunities to steal identities, and in 2017, the crime reached an all-time high, according to the results of a recent study.

Approximately 16.7 million Americans were victimized by fraudsters last year, based on newly released figures from Javelin Strategy & Research. That's the largest number of individuals affected by identity theft since 2003, when the San Francisco research and advisory firm first started recording the statistic.

"Identity theft incidents rose in 2017."

It's not as if business owners aren't aware of the threat posed to themselves and to their clientele. Companies have invested millions of dollars into mounting a successful defense against data hacking. However, those seeking to steal sensitive data are constantly refining their strategies in a bid to outmaneuver the obstacles that lie in their path. Unfortunately, they frequently succeeded in 2017, impacting 1.3 million more U.S. consumers last year than during 2016, the report found.

Al Pascual, Javelin senior vice president of research and point person for fraud and security, indicated that last year was a period that con artists will want to mimic in 2018.

"2017 was a runaway year for fraudsters, and with the amount of valid information they have on consumers, their attacks are just getting more complex," Pascual explained. "Fraudsters are growing more sophisticated in response to industry's efforts to implement better security."

Defenses used frequently insufficient
It may be that the cybersecurity steps business owners are taking aren't quite cutting it, even though they may seem sufficient at first blush. In a survey the Ponemon Institute conducted and IBM sponsored, nearly 8 in 10 organizations felt like the cyberdefensive strategies they'd implemented in the past year made them more resistant to being preyed upon by data thieves. Yet at the same time, more than three-quarters conceded they didn't have a formal cyber incident response program set up. Additionally, close to 50 percent said their cybersecurity plans were run-of-the-mill regular or so ad-hoc as to be tantamount to nothing. 

Ted Julian, IBM vice president of product management, said organizations' belief they're better off today than they were last year may stem from people they've hired who specialize in cybersecurity.

"Roughly 30% of data breaches in 2017 affected credit cards."

Social Security numbers in hackers' crosshairs
The ubiquity with which credit cards are used – in person and online – serves as fertile ground for cybercriminals to strike, which may explain why roughly a third of all consumer data breaches are credit card related, the report found. In 2017, however, more people had their Social Security numbers stolen than their credit cards, impacting 35 percent of respondents in the Javelin Strategy & Research analysis.

David Wagner, chief executive officer for email data protection and detection firm Zix, said hackers exploit any and every opening they can, whether it's directed at consumers or business entities.

"Companies need to re-evaluate and prioritize the security of data that is most critical to their success and growth, whether it be intellectual property they're storing in the network or confidential corporate information they're communicating in email," Wagner told Due, an online invoicing platform.

Wagner added that as important as reliable credit card processing software and other security technologies may be, it can't be the only method by which companies shore up their defenses.  Businesses must also more regularly and thoroughly review their "corporate governance structure," which when done on a more consistent basis, can provide clarity on what security strategies are working and which could use added reinforcement. As far as software is concerned, it's crucial to keep the mechanisms in place up to date, so push notifications informing users of security upgrades should be prioritized as soon as they make themselves known. 

The U.S. economy weathered quite the blow in 2016, as cybercrime resulted in billion-dollar losses.

Gross domestic product growth is robust and job creation is swift for the U.S. economy, an encouraging trend that has enabled both businesses and consumers to increase their earning power. But these successes weren't without some adversities along the way, much of it stemming from cybercrime, where companies – and by extension, the country's economy – were bilked out of their hard-earned money, a recent report reveals.

"Data security breaches may cost the economy upwards of $100 billion in 2016."

According to newly released figures from the Council of Economic Advisers, an arm of the White House, data security breaches cost the economy somewhere between $57 billion and $109 billion in 2016, Bloomberg reported. With companies accepting more forms of payment to improve convenience hackers have a greater number of avenues through which to steal identities and make off with sensitive data that businesses keep in their storage systems.

International cyberthreats significant
While most of the attacks come from within the U.S., cyberthreats are international, hatched from countries all over the world, including Iran, China, North Korea and Russia, the Council of Economic Advisers detailed in its report.

"These groups are well funded and often engage in sophisticated, targeted attacks," authors of the report wrote. "Nation-states are typically motivated by political, economic, technical, or military agendas, and they have a range of goals that vary at different times."

These attacks come in a variety of forms, the report went on to state, including ransom, where businesses are given an ultimatum: pay up or face the consequences. Those victimized may never get their data back – even if they do pay the ransom fee – or their computer systems may be infected with malicious software.

"The Cost of Malicious Cyber Activity to the U.S. Economy" report also defined the types of actors who participate in these attacks, among them so-called "hacktivists," which the CEA described as typically private individuals who are agenda driven, often politically.  

"Cyber threats are ever-evolving and may come from sophisticated adversaries," Bloomberg quoted from the CEA report. "Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate."

"Companies say they've hired more personnel to handle  data security."

77 percent admit they don't have a cybersecurity protocol
Some companies, however, may not be taking cybercrime as seriously as they ought to be, in effect believing they won't be compromised or simply failing to prioritize protection out of a false sense of security. More than three-quarters of businesses confess they lack a formal cybersecurity plan, according to a separate study conducted by the Ponemon Institute. Nevertheless, 7 in 10 are of the mind that they're in better position to fend off an attack than in 2017.

Ted Julian, vice president of product management at IBM Resilient, which sponsored the study, chalked up business owners' confidence to better staffing, hiring those who are trained to deal with hacks.

IT personnel represent only one part of the data security puzzle. 911 Software has the credit processing software that can more effectively shore up your company's defenses.

Oregon lawmakers are attempting to bring greater security and transparency to the credit card processing arena.

With credit card processing fraud increasingly prevalent – as well as other forms of identity theft – IT security experts and buyer-beware consumers are calling on the government to implement more defensive measures through which Americans can protect themselves when buying in store or online. Oregon appears on the cusp of making increased due diligence a reality.

On March 1, the Oregon House of Representatives overwhelmingly passed a bill that, if signed into law by Governor Kate Brown, would require merchants to inform customers of a successful cybersecurity attack within 45 days of its detection. Fifty-eight of the state's lawmakers voted in favor of Senate Bill 1551, with only one opposed.

Although increased scrutiny has been a brewing issue in Oregon for awhile now, SB 1551 got much of its verve after credit agency Equifax reported more than 145 million consumers' credit information had been compromised last year. Indeed, the nickname of SB 1551 is the Equifax bill.

Ellen Rosenblum, Oregon's attorney general, noted in written testimony that consumers in the Beaver State were particularly hard hit.

"1.7 million Oregonians were impacted by the Equifax data breach."

"Oregon fared no better – over 1.7 million of Oregonians' information was breached," Rosenblum stated, according to the East Oregonian. "As one cannot change their Social Security Numbers, this is a breach that will follow Oregonians for many years to come. Not only does the sheer size of the breach cause concern, but the Equifax story revealed many other failures and unfair practices."

The financial fallout from the cyber incident has resulted in class-action lawsuits against Equifax, filed on behalf of the thousands of Oregonians who were adversely affected, according to State Scoop.

"Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach," the text of a lawsuit filed in federal court charges. "Equifax could have and should have substantially increased the amount of money it spent to protect against cyber-attacks but chose not to."

Consumers can have credit frozen for free
Should SB 1551 be signed into law as currently constituted, in addition to the 45-day notice required of affected businesses, consumers would have the ability to have their credit identities frozen – and unfrozen – free of charge, according to the Statesman Journal.

Cyberattacks have become frighteningly frequent, especially for consumers who regularly use their debit and credit cards for payment processing. At least 1,579 breaches transpired nationwide last year, according to the Identity Theft Resource Center. That's a near 45 percent increase from 2016, a year which had held the all-time record.

Eva Velasquez, ITRC president and CEO, indicated that part of the notable rise stems from businesses being more forthcoming as to when they've been compromised.

"We've seen the number of identified breaches increase as a result of industries moving toward more transparency," Velasquez explained. "We want to encourage businesses and government entities to continue to provide timely reports to their respective Attorney Generals [sic] so consumers can be better informed on what are the immediate and long-term impacts to their personal information by any given data breach."

Stack of credit cards. Credit card data is one of the main sources thieves steal identities.

Eight states have credit freeze legislation in place
Oregon isn't the only state making cybersecurity more of a priority, and in the process, giving consumers and business impacted more outlets through which to address these issues when they present themselves. Indiana, Maine and the Carolinas have laws in place permitting residents to freeze their credit profiles at no charge, as noted by State Scoop. New Jersey, Maryland, New York and Colorado offer similar services but they may be required to pay a fee to have the freezes removed.

Paul Cosgrove, a representative for the Oregon Bankers Association, told the Statesman Journal the Equifax hack was an eye opener because it touched so many lives.

"We are all subject to clever and very smart hackers and we need to be especially watchful to make sure our systems stay one step ahead of them," Cosgrove warned.

While the credit reporting giant initially believed the attack affected 141 million consumer, it announced recently that new evidence suggests it was more pervasive, impacting an additional 2.4 million in the U.S. whose private data was compromised.

In a statement, Equifax interim CEO Paulino de Rego Barros Jr. said the company will do everything it can to protect consumers and inform them directly if their identities have been stolen. The most common data cybercriminals seek are Social Security numbers and credit card specifics. In 2017, more than half of the reported breaches affected victims' Social Security and 19 percent debit and credit cards, according to the ITRC.

The best offense against cyberattacks is through a good defense. Contact 911 Software to learn more about the credit card payment software that can help keep consumers' financial data safe and secure.

The Subcommittee on Financial Institutions and Consumer Credit held a meeting on Feb. 14 regarding how to counter cyberattacks.

As local and franchise businesses install top-of-the-line credit processing software, attempting to stay a few steps ahead of identity thieves, lawmakers in Washington are considering passing a bill that would create a national data breach notification system. The thrust of the program would be to create a centralized reporting warehouse consumers and businesses could go to for more information about the latest scam or virus making the rounds. The law would also mandate entities inform their customers about breaches promptly if ever compromised.

But before legislators give it serious consideration, the National Retail Federation is imploring them to leave no stone unturned.

"The NRF says a breach notification system must not leave any holes."

In a statement issued by the world's largest retail trade association, the NRF stressed that in today's day and age, in which cyberscams are rampant, lawmakers can't afford a Band-Aid approach to countering data attacks. In short, if a program is going to be passed, each and every industry needs to be held accountable, as customers have a right to know what's happening with their sensitive financial information.

"American consumers want to know if their data has been breached no matter where the breach occurs," stressed Paul Martino, vice president and senior policy counsel at the NRF. "No industry should be allowed to keep its data breaches secret."

30 states have considered legislation
Several states already have data breach notification laws in place, including Delaware, Maryland and just recently New Mexico, according to the National Conference of State Legislatures. Since 2017, nearly two-thirds of state governments have at least considered bills that deal with cybersecurity awareness. No overarching federal law exists as of yet, even though the NRF has long called for a uniform national data breach bill.

Cyber incidents are not only more damaging, they're proliferating, in part because more people and businesses have an online presence. Last year, a whopping 84 percent of companies experienced fraudulent activity that used the internet as a means of entry, according to Kroll.

Hearing on cybersecurity held Feb. 14
The frequency of these attacks is part of the reason why Congress appears to be taking the issue more seriously. Indeed, the Subcommittee on Financial Institutions and Consumer Credit recently convened on Capitol Hill, where discussions were had on how the public might best deter cyberwarfare.

"Every year, the number and severity of data breaches seems to increase, and more Americans seem to become victims of fraud and identity theft," warned Blaine Kuetkemeyer, chairman of the subcommittee. "Consumers are left not only facing financial harm but also the daunting task of restoring the integrity of their personal information."

The ideal strategy is prevention. For more than 20 years, 911 Software has provided trusted payment processing solutions to tens of thousands of merchants. We're constantly refining our systems to help merchants of all types remain vigilant in today's highly connected age.

Three-quarters of businesses in five countries are vulnerable to cyberattacks, a new report suggests.

With the U.S. being the largest economy in the world and boasting the broadest base of regular internet users, reported security breaches among businesses get a lot of attention in the news media. These happen despite more companies going to greater lengths to secure the privacy of sensitive data.

But U.S.-based businesses are the only ones increasingly in hackers' crosshairs, and organizations may need to do more to shore up their defenses, a new report suggests.

"73% of businesses would be unable to weather a cyberattack"."

Almost 75 percent of businesses in five countries – the U.K. Germany, Spain, U.S. and the Netherlands – have insufficient cybersecurity protections in place, according to a recent report from Hiscox, a specialty insurance firm.

The report came to this conclusion through several stress tests, designed to gauge just how ready the 4,100 organizations polled were to handle cyberthreats on a real-time basis, both in terms of strategy as well as execution.

Two-thirds impacted by multiple cyberattacks in last year
Not only did the businesses' attempts at defense fail to pass muster, but a substantial percentage had already experienced a breach. Indeed, 45 percent were victimized by at least one attack in the previous year and 66 percent of those dealt with two or more, the report found. 

Gareth Wharton, cyber CEO at Hiscox, indicated 2017, in many ways, was the year of the hack.

"If anyone still harbored doubts about the severity of the threat, the events of the past year should have dispelled them," Wharton wrote in the report. " From the WannaCry ransomware attack to the hacking of one of the world's largest credit agencies, 2017 produced numerous reminders that operating in a connected world has fearsome perils."

This past September, credit agency Equifax disclosed that an estimated 145 million consumers' financial data had been impacted by a breach, including consumers' Social Security numbers, home addresses and driver's license information. However, as The Wall Street Journal and Associated Press reported, additional information may have been compromised, such as email addresses and income tax documents. 

Financial fallout averages $229,000
Aside from the public relations toll cyberattacks can have on organizations, they pale in comparison to the financial impact. The average incident costs upwards of $229,000, the Hiscox report determined, but that's a ballpark estimate, as company size can result in financial damages in the millions of dollars. For instance, the average cost for U.S.-based companies with 100 employees or more was $1 million, but averaged $24,000 for small-business owners in Spain.

"87% of businesses in Canada have experienced at least one cyberattack."

Businesses in Canada – both large and small – aren't immune to cyberthreats either, as attacks there are proliferating. In the typical year, around 450 breaches impact entrepreneurs, based on a new report from IDC Canada. While these attacks aren't always successful, at least one was for nearly 90 percent of Canadian companies.

"As cybersecurity breaches become the new normal, organizations can't be complacent," warned Theo Van Wyk, chief security architect at Scalar Decisions, which commissioned the analysis. He further noted companies are experiencing attacks, despite having full-time security staff.

IT personnel may not be financially feasible for small-business owners, due to limited resources. The Hiscox study revealed that for organizations with 250 employees or fewer, around 10 percent of their operating budgets go toward cybersecurity, well below the 12.2 percent large companies devote to defenses, like up-to-date payment processing software.

Cyberattacks are a clear and present danger for businesses, particularly those that accept a variety of payment denominations. The experienced engineers at 911 Software have the point of sales systems that are optimized for privacy, without compromising convenience.

Hackers created  data catastrophes for a majority of businesses last year, according to a new report.

Last year will certainly go down as one of the more memorable periods for problems plaguing business owners. Wildfires, floods, tornadoes and damaging hurricanes tore a path of destruction that had many wishing they'd better prepared. But Mother Nature wasn't the only threat that was seemingly unrelenting. The ominous clouds of cybercrime left business owners with a real mess on their hands.

In 2017, nearly 85 percent of business owners – including small, midsized and large – were impacted by some variety of cyberwarfare, according to newly released statistics from risk solutions firm Kroll. That's up from 82 percent in the 2016 annual poll and 61 percent in 2012. In fact, cyber incidents have risen on an annual basis for five consecutive years.

"Data theft was the most common cyberattack last year for businesses."

From phishing to ransomware, cyber scams come in many forms and varieties, with some more devastating and hard to reverse than others. In 2017, data theft was the most prevalent type, the report found. Nearly 30 percent of managers surveyed acknowledged they were affected by stolen information, a 5 percent uptick from 2016. The second most common was theft of physical assets, like stocks or bonds.

Jason Smolanoff, Kroll senior managing director and global security practice leader, indicated that as the document and payment processing world leans further into the paperless camp, hackers have more opportunities to wreak havoc and cause panic.

"In a digitized world with growing levels of data creation, collection, and reliance for businesses, information assets have become increasingly valuable and exposed to threats," Smolanoff explained. "Exacerbating the challenge of safeguarding data is that criminals and other threat actors are continually developing new ways to monetize confidential information, including personal data."

States fighting back
Business owners aren't taking these attempted incursions lying down, however. In addition to securing high-quality internet security protection they're also obtaining state-of-the-art credit card processing software, which better protects consumers' sensitive data from being illegally accessed. Several states are getting in on the counteroffensive. For instance, in the Commonwealth of Massachusetts, the Attorney General's office just recently announced the creation of a data breach reporting portal. Area firms and organizations are urged to provide an account of what happened promptly should they be impacted by a successful or attempted breach.

In Florida, in partnership and consultation with research and advisory company Gartner, the Florida Center for Cybersecurity newly released a report detailing to what degree local businesses are protecting themselves and the personal data they have on file from customers.

Sri Sridharan, director of the Florida Center for Cybersecurity, said the analysis is meant to supply the Sunshine State's officials with an update on how resilient businesses are to the effects of cyber incidents.

"Good decisions come from good information," Sridharan explained. "For this report, Gartner looked at many aspects of cybersecurity – from education, workforce demand, and economic factors to technical issues such as incident response capability.

He added that given the ubiquity of data theft, consumers, educational facilities and business entities can't afford to be reactive; they must be proactive.

"Attacks are costing businesses more to recover from."

Incidents cost businesses 7 percent of annual revenues
Some who may be taking cybersecurity too cavalierly are paying a costly price. In 2017, cyberattacks caused businesses economic losses averaging between 5 percent and 10 percent of revenues, the Kroll annual fraud and risk report found. That's up from a 3 percent average overall in 2016.

Being victimized by a cyberattack can unspool a thread of challenges and liabilities that can be next to impossible to control once hackers find an opening. Credit card payment software from 911 Software can help you stay one step ahead. Learn more about our products, processors and services at the top of our homepage.

Cybersecurity breaches will take on many forms in 2018, but one to especially be watchful of is ransomware.

It may be a new year, but cybercriminals are expected to reach into their same old bag of tricks in 2018 to steal sensitive data. However, certain types of subterfuge are poised to become more common, with ransomware attacks chief among them.

According to MIT Technology Review – as well as several other hi-tech information and awareness websites – ransomware incursions will likely proliferate in 2018, affecting both small businesses as well as large organizations.

Appropriately titled, ransomware is a particularly pernicious variety of attack that wrests control of computer systems from users. Though there are several ways in which ransomware plots are carried out, they're usually done through deception by tricking users into believing they're downloading a benign file that is actually malicious software, effectively hijacking the system and decrypting it. The only way for users to regain control is by paying the ransom the originator of the attack demands.

In addition to MIT Technology Review warning about the potential for ransomware attacks to intensify, eWeek issued a similar advisory.

"Ransomware will continue to plague organizations with 'old' attacks refreshed and reused," warned Andrew Avanessian, chief operating officer at Avecto, a Massachusetts-based software management and security firm. "The threat of ransomware will continue into 2018."

"More than 250,000 computers were affected by the WannaCry virus."

Avanessian referenced that perhaps the best examples of ransomware's impact in 2017 were the WannaCry and NotPetya viruses, which targeted Microsoft Windows operating systems through the use of a cryptoworm. All told, more than a quarter-million computers in 150 countries were adversely affected by the contagion, with economic damages in the billions.

Over 1 in 4 ransomware events struck businesses in 2017
Although ransomware doesn't discriminate – everyone has the potential to be exploited – business owners are increasingly the main targets. Last year, for example, more than a quarter of ransomware attacks – 26.2 percent – impacted companies, according to Kaspersky Lab. That's up from 22.6 percent in 2016. What's more, nearly two-thirds of ransomware victims lost a "significant" amount of data, with 1 in 6 never regaining the information stolen, despite their paying the ransom.  

"Ransomware attacks will continue to grow at double-digit rates," Gartner analyst Avivah Litan told Security Boulevard. "I think we'll continue to see the growth of mass ransomware attacks against corporations and large institutions rather than small victims."

Illustration of ransomware in binary code. Ransomware attacks aren't expected to slow down in 2018.

Many small businesses forced to closed after attacks
But this is hardly an indication everyday consumers and small-business owners are in the free and clear, because if they're attacked, the fallout can be devastating. Of the 33 percent of small and medium-sized businesses that went through a ransomware attack last year, approximately 22 percent folded, based on survey estimates performed by Osterman Research on behalf of Malwarebytes.

"Businesses of all sizes are increasingly at risk for ransomware attacks," advised Marcin Kleczynski, Malwarebytes CEO. "However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise."

Despite ransomware and other viruses making the rounds, many Americans remain unaware about how they can protect themselves on the internet. Only 20 percent of respondents in a Pew Research Center study correctly answered 8 out of 13 questions that quizzed participants on their cybersecurity acumen. And just 1 percent finished the test error-free.

Cloud 9 has the resources businesses can use to identify and defend potential vulnerabilities and keep their payment processing software secure. Contact us to learn more.

The world's first wallet card, a single credit card-sized device capable of holding multiple payment accounts, was recently announced at the Consumer Electronics Association's CES 2018 awards by Visa and Dynamics.

Visa and international payment card producer Dynamics recently revealed their wallet card at the Consumer Electronics Association's CES 2018 awards.

According to a Visa press release, their version of the card identical in size and shape to a traditional card but has the ability to host multiple cards accessible through an on-card digital screen. The card also features EMV, magnetic strip and contactless payment technologies, meaning it's accepted by nearly any retailer.

"There is still much that can be done to update the card-based experience, which continues to be the primary form factor used globally to complete digital payments transactions," said Mark Nelsen, senior vice president of risk and authentication products at Visa, in the company press release. "We're excited about the many unique benefits that the Visa Wallet Card can offer to both financial institutions and cardholders, alike."

Wallet card's capabilities and functionalities

"The wallet card can work for some as an alternative to mobile wallets."

The card has over 200 internal components and is hailed as the first payment device of its kind that incorporates the Internet of Things, according to a Dynamics press release.

Here are some of its most significant technological features:

  • An internal cellphone chip and antenna allow quick and seamless data transfer between the bank and the cardholder anywhere in the world.
  • A 65,000-pixel display used to cycle through payment cards and information screens.
  • Programmable EMV chip, magnetic strip and contactless chip that can change based on the particular card profile selected. It can host debit, credit, prepaid, multicurrency, one-time use and loyalty cards.
  • A organic battery that recharges itself through use and requires no additional activity from the cardholder.

Key wallet card benefits

The wallet card helps improve consumer security and prevent fraud through rapid data response and card replacement. If information for one card is compromised, the bank can immediately delete it's information from the card device and issue a new account number.

The on-card screen can also receive messages at any time. Users can request that transaction notifications be sent to the card or updates on their remaining account balances. If a suspicious charge is found, the bank will send a notice to the card where the owner can report any activity they see as fraudulent.

Business Insider said the wallet card can work for some as an alternative to mobile wallets. Many consumers are not yet convinced of the security benefits of mobile wallet use and this device can function as a more familiar, physical version of that technology.

The diversity of the wallet card's payment systems makes it capable of being used at virtually any card processing terminal and merchants should prepare for its potential presence in the market with the use of efficient credit card payment processors.

To learn more about implementing effective credit processing software, get in touch with 911 Software today.

There are a number of trends and changes affecting the payment industry in 2018 that retailers should be aware of.

As the technology behind how payments are conducted changes with the progression of time, so too does the nature of payments themselves.

Trends can quickly come and go as consumer tastes and best practices evolve. To stay ahead of the curve, retailers and payment providers should stay informed on the direction the industry may head in. Here are some things companies in the payments market should be aware of in 2018.

Greater customer agency in managing payment forms

"EMV tokenization is expected to become more universal."

In today's world of payments, consumers expect their checkout experiences to be as safe as they are seamless. They demand that all their devices and any forms of payment on them have air-tight security.

As a result, Mastercard announced a plan to release application programming interfaces for card issuers that allows users to view all their payment cards across their devices in a single place, according to Forbes.

"Today's consumers are smarter and have higher expectations than ever before," said Kiki Del Valle, senior vice-president of commerce for Mastercard, to Forbes. "We are providing the consumers with the tools they need in the Internet of Things era."

Allowing consumers to manage all their methods of payment can give them more power over their finances and opportunities to stop suspicious activity.

Data security boosts via tokenization

Mobile Payments Today reported that the numerous data breaches throughout 2017 led many in the industry to assume consumer data is generally not safe.

A solution could come via EMV payment tokenization. This security process, which adds a layer of anonymity to retail interactions and can restrict token usage to specific devices, transaction types or merchants, is widely used for purchases involving near field communication. The system can fight fraud by allowing threats to be isolated in real time based on where malicious activity occurs.

EMV tokenization is poised to become more universal because of its security benefits across merchants and card issuers. The systems managing its use will grow more complex and specialized token service providers will prove to be pivotal in simplifying the technique for retailers and consumers.

Rewards for purchases

A report from Accenture noted consumers received $15 billion worth of card payment rewards, like travel miles and cash back, in 2016. Card holders aim to receive even more perks in the future.

Accenture's research found that 48 percent of shoppers would switch their primary rewards card for another if given the opportunity to earn more rewards with each purchase. Another 67 percent said they wanted to redeem their rewards at the point of sale when swiping their cards.

Retailers can stay ahead of the curve in 2018 with effective, secure and up-to-date card processing infrastructures.

To learn more about implementing effective credit processing software, get in touch with 911 Software today.

Restaurants in the fast-casual style of dining are increasingly implementing self-service kiosks for customers to use.

A new service trend is hitting the restaurant industry in the form of self-ordering kiosks – large, screen-based digital interfaces that allow customers to order and pay for their meals without assistance from traditional servers. Software review site Software Advice conducted a study and found that 85 percent of the U.S. consumers surveyed were familiar with self-service kiosks.

Chris Ciabarra, co-founder and chief technology officer at self-service company Revel Systems is confident that this technology will become increasingly popular in America.

"I see rapid [self-service] kiosk adoption across multiple verticals," Ciabarra told Software Advice. "They're already a standard in Asia and Europe, and this will be a natural progression to consumer behavior in the U.S."

The devices usually incorporate EMV-friendly pos card processing hardware and software, as well as options for alternative payment methods like digital wallets, Apple Pay and Android Pay. However, restaurants incorporating self-ordering kiosks in their business model could potentially into compatibility issues between the POS system of the kiosk and that of the restaurant as a whole.

Disharmony a possibility for self-service kiosk integration

"Most POS system providers do not yet make functionalities for self-service kiosks."

Retail payment news site Point of Sale noted that successful implementation of self-service stations requires restaurants to attempt to unify their POS structures. Ideally, the sales data collected by the kiosks should be accepted by the restaurant's existing POS provider and visible alongside all other sales data. That information should also have the ability to be viewed separately from the other POS terminals to examine individual kiosk sales.

A potential problem arises due to the fact that most POS system providers do not yet make functionalities for self-service kiosks. Kiosk manufacturers generally provide their own processing software and with an abundance of providers, this could create problems for kiosk-makers and the restaurants that hope to use their products.

Businesses hoping to integrate these self-ordering services must first research their compatibility options before making any investments into the technology.

Popularity of technology is growing

Even amid unification concerns, restaurants are still adopting the self-ordering kiosks, particularly those in the quick service and fast-casual style eatery industries. Last year Fortune Magazine reported  fast-food titan McDonald's announced it planned to install kiosks at 14,000 of its U.S. locations, including some in Chicago, Washington D.C. and Seattle. At the time, kiosks were already being used at 500 locations in New York, Florida and southern California.

The Software Advice study found 50 percent of participants preferred ordering and paying themselves over being assisted by a server. This could be due to growing security concerns in letting a server walk away with cards to process payments, during which time the card information could be stolen.

To learn more about implementing effective credit processing software, get in touch with 911 Software today.

Implementation of contactless EMV payments has been slow in the United States, but that could change in the next few years.

Change can be a difficult thing to facilitate and accept for some. For Americans in particular, replacing the tried and true magnetic strip cards with the more complex and unknown technology of EMV has been a sluggish, ongoing process compared to some other countries.

Adoption rates in the U.S. have increased vastly over recent years, but consumers were slow to initially accept the shift.

In the case of implementing contactless EMV payments technology a half-measure more advanced than standard EMV transactions, consumers are even more reluctant to adjust. 

But recent reports show that there could be large uptick in consumers and businesses employing contactless payments.

More hardware activation and card distribution on the horizon

Apple Pay, Android Pay, iWallet, and Samsung Pay have grown increasingly prevalent in the public consciousness and have paved the way for more widespread use of contactless payments.  According to Javelin, a research firm specializing in consumer transactions, payments spurred by those companies has led to EMV terminal manufacturers automatically adding contactless payment hardware into their machines for free.

"In the next wave of [EMV] card issuance, Javelin believes the speed and convenience offered by contactless EMV cards could be instrumental in gaining top-of-wallet status, as well as attracting and retaining more affluent customers," said Michael Moeser, Javelin's director of payments, retail and small business, in a company press release.

Even with the hardware already in place, that does not automatically mean businesses will immediately begin accepting contactless payments. The hardware has to be activated and as of 2015, only 21 percent of all U.S. establishments enabled that functionality. But Javelin estimated that by 2019, over one third of businesses in the country will welcome contactless payments.

According to, technology analysis and research company ABI Research stated 25.7 million contactless cards were shipped in 2016. That number is expected to rise to just below 230 million by 2021.

Phil Sealy, a senior analyst at ABI Research, told that cards typically have a three-year life span and since EMV cards were issued in 2014, many will need to be replaced in 2017 and the new cards will feature contactless chips.

Although the new cards will allow consumers to use contactless payments at the increasing number of businesses that will take them, there is no guarantee that that will indeed occur, at least right away. However, just as EMV technology took time for its influence to spread, so too will the public need more opportunities to adapt to the usage of contactless payments.

To learn more about implementing effective credit processing software, get in touch with 911 Software today.

Gas stations slow to implement EMV technology may experience credit card skimming at their pumps, as the criminal trend is increasing.

The deadline for gas stations to implement EMV technology was originally set for October. However, in December 2016, Visa and Mastercard announced they would push the deadline back by three years.

The deadline's extension came as a result of gas station operators expressing their frustrations because they would not be able to fully implement EMV systems into their pumps in time, according to Bloomberg. Many older pumps would need to be wholly replaced, and removed from their concrete bases. The estimated cost to replace these pumps is $30,000 per gas station.

"Criminals have increasingly replicated customer cards with magnetic strips"

High costs being paid by customers for lack of EMV technology

The costs involved with EMV implementation, and its delay, affect not only gas station operators but banks and customers as well.

EMV cards create a unique code for each transaction, making credit and debit cards much more secure than their magnet based counterparts, which have a set code that can be easily duplicated. reported, criminals have increasingly replicated customer cards with magnetic strips at pump stations using what are known as skimming devices. Thieves attach one or sometimes multiple illegal gadgets to the internal computing systems and POS card processing terminals at gas pumps. Once installed, the inconspicuous devices copy card information from each transaction at the pump and store it on a microchip that someone comes back to retrieve.

In more recent cases, criminals have used skimmers that wirelessly send card information to a mobile device via Bluetooth or SMS text, making it so that no one needs to fetch the equipment, according to Krebs On Security.

Fueling stations in particular make for easy targets because most pumps have not yet been fitted with EMV technology and they are used by scores of customers throughout the day.

"The devices are being found at small merchants, large merchants, urban, rural, new and old convenience stores, so nobody is exempt," said Kara Gunderson, point-of-sale manager for Citgo Petrolum Corp., to

Until the gas station EMV implementation deadline is surpassed in 2020, banks are responsible for covering any stolen funds from the use of magnetic strip cards. After the cutoff date, reimbursement falls in the hands of the station from which the theft originated.

The longer it takes gas stations to transition from magnetic strip readings to EMV technology, the more opportunities criminals have to take advantage of their customers.

To learn more about implementing effective credit processing software, get in touch with 911 Software today.

Moving past PCCharge needs to be a major consideration for businesses still using that system.

Verifone's PCCharge system was long a preferred choice of smaller merchants because of its many attractive factors. Ease of use, lack of a need to purchase and configure substantial amounts of external hardware, the ability to base the system on existing computers and other benefits all played into its popularity. Unfortunately, with support for PCCharge withdrawn in the face of issues with EMV compliance and Verifone's decision to focus on other products, small businesses need to prioritize a change from this card processing software to a more modern and secure alternative.

Why should businesses look past PCCharge? There are a number of reasons, including:

Lack of support and future upgrades

"PCCharge is no longer supported by Verifone."

PCCharge is no longer supported by Verifone. What does that mean for businesses? Technical issues that may have once been solved quickly through the support provided by Verifone can now linger, persist and grow worse over time. The lack of any official troubleshooting or expert guidance means PCCharge is vulnerable to a wide variety of issues that arise as other parts of a small business's IT infrastructure are upgraded, swapped out and otherwise changed.

Continuing to use any technology that is not supported by the provider is a risk for businesses. When it comes to the vital systems that handle credit and debit card payments, taking such a chance can lead to negative results in terms of efficiently processing transactions and keeping the related information secure.

Substantial security issues

The EMV standard has been in place for nearly all businesses, large and small, for close to two years. One factor behind the end of support and development for PCCharge was the need for the system to meet EMV regulations. That means businesses continuing to use this Verifone system are putting themselves at risk in terms of fraud concerns and associated financial consequences.

PCCharge is also no longer compliant with the Payment Card Industry Data Security Standard and the Payment Application Data Security Standard, which presents similar issues for businesses. A lack of compliance in this case means security issues.

Additionally, the system isn't in line with the latest changes to Secure Hash Algorithm 2, part of the Transport Layer Security protocol. That means further security issues – the last thing a business wants to deal with when it comes to payments.

To learn more about implementing effective credit processing software, get in touch with 911 Software today.

Payment security concerns need to be regularly addressed by businesses large and small.

The latest major, large-scale payments breach is one affecting Holiday Inn and other chains that fall under the InterContinental Hotels Group banner. That company is a major player in the hotel market, with Computerworld reporting more than 5,000 individual locations in 100 countries, along with at least eight lodging brands in its portfolio. With 1,175 locations affected by the breach of customer payment data, more than one in five of the organization's total holdings were affected.

The extent of the breach

"1,175 locations were affected by the breach of customer payment data."

Computerworld said cybercriminals targeted point-of-service software at the front desks of the hotels, using malware installed in those systems to access customers' payment information. The breach was first brought to the attention of the international hotel group in late 2016, according to industry journalist Brian Krebs.

The breach stretched from late September 2016 through late December of the same year, a statement from the hotel group said. While the business has no evidence of data being taken after the new year began, some hotels didn't have the malware removed from their systems until February and March. The breach stretched across the country, including nearly all U.S. states, the District of Columbia and Puerto Rico. States with the highest numbers of hotels affected included Texas, with 163, California, with 64, Florida, with 61, and Indiana, with 53, Computerworld said.

The investigation isn't and may not ever provide a complete accounting, as InterContinental Hotels Group cannot force franchisees to take part in the investigation and some declined to participate.

Krebs noted 2016 was an unfortunately busy year for hotels and payment data breaches, with nine major chains suffering their ill effects. In particular, Trump Hotels and White Lodging each had to deal with two separate breaches during the year. The common thread running through most of those incidents was the focus on the front desk and its payment systems. Similar to the InterContinental Hotels Group incident, hackers introduced malware into point-of-service systems and then captured the valuable and sensitive payment information.

A focus on safe and secure credit card payment software is vital for businesses of all sizes. The many negative consequences associated with a payment data breach are often hard to overcome, from reputational damage to a decline in customers visiting your business. To learn more about effective card payment processing security, talk to 911 Software today.

Credit and debit cards are a vital element of everyday transactions for many small businesses.

Small businesses have a lot on their plates. Considerations like effective payment processing software can fall by the wayside when there are immediately pressing matters to deal with. However, ignoring the need for a secure and effective channel for processing credit and debit card payments can result in a number of negative consequences, including lower revenue and lost business.

Tapping into growing consumer sentiment

An article in local Massachusetts paper The Salem News tapped into a nationwide issue: The slow progression of smaller businesses toward accepting payments via credit and debit card. While it's hard to properly count all the businesses across the country that don't take cards and other, newer forms of payment, there are still many merchants that have never accepted credit cards or had a single bad experience and haven't gone back.

"Businesses have to reassess their position on credit and debit card payments."

Why is that a problem for business owners? Because they miss out on a significant amount of sales. The cost of not accepting these payments was $100 million in 2012, according to Intuit, and overall consumer preference for card payments overall has only grown since then. While many smaller companies have made strides in terms of their payment processing choices, a lack of these tools still has a significant impact on the vast majority of such enterprises.

Cash won't go away completely anytime soon, but it's no longer the most popular method of payment. Consumers of all ages are moving toward credit and debit cards, and that trend isn't likely to reverse in the future. As that slow but steady change continues to occur, businesses have to reassess their position on credit and debit card payments.

One of the most significant factors for such companies in the past was the cost associated with processing these payments. While there is still a financial obligation associated with maintaining these systems, costs have generally gone down as the market for credit card processing has diversified and grown overall. A decision that might not have made sense 10 or 15 years ago could easily be much more attractive at this point, especially when consumer preferences for credit and debit cards are taken into account.

As more and more consumers look to pay with cards instead of cash, many businesses can't afford to avoid the issue any longer.

A data breach at quick-service restaurant chain Arby's had some serious consequences.

Data breaches are difficult for businesses to contend with, even more so when they have deficiencies in their compliance efforts or don't have secure payment processing software. The recent news of quick-service restaurant chain Arby's experiencing a significant attack is another reminder of how important it is for businesses of all sizes to prioritize data safety and the Payment Card Industry Data Security Standard. While final details have yet to be released related to the breach, USA Today said projections indicate 355,000 or more credit and debit cards may have been involved.

Cash register malware to blame

"More than 355,000 credit and debit cards may have been involved in the breach."

The restaurant company said it began an internal investigation into the unauthorized capture of payment data soon after it learned of the incident, according to a statement it provided to USA Today. Arby's brought in computer security specialists and coordinated with law enforcement to find the root cause of the attack, but not before hundreds of thousands of customers had sensitive payment information compromised. The breach was very similar to those that affected major retailers like Home Depot and Target in recent years, which also involved very large numbers of  customers.

Brian Krebs, digital security specialist, initially confirmed the story via sources at a number of banks and credit unions. He said Arby's indicated it had already remediated the breach as of early February. The company also said the Federal Bureau of Investigation had requested the company keep the news of the breach quiet when it was first discovered in mid-February.

Only Arby's corporate locations, which are managed directly by the company, were affected. Franchised stores, owned and operated individually or in groups by individuals outside of Arby's corporate structure, didn't suffer any damage from the breach.

Speaking with USA Today, Dan Berger, CEO of the National Association of Federally-Insured Credit Unions, said the increase of retail breaches should be a priority in terms of boosting security.

"Last year, the number of data breaches shattered all records and climbed 40 percent higher than reported in 2015 and there is no sign of the criminals letting up," Berger said to the paper. "In 2017, we have already hit 110 breaches, a 36 percent hike over the same time last year."

Despite the attention focused on large chains suffering data breaches, every retailer is potentially at risk for such an attack. Using secure credit card processing software and following compliance guidelines can mean the difference between exposure to a breach and being protected.