One of the nation's largest technology retailers was hit with a cyberattack, one that may have exposed consumers' sensitive financial information to prying eyes.
Best Buy, the Richfield, Minnesota-based multinational consumer electronics retailer, informed customers via its website about the breach, which it believes took place in 2017, USA Today reported.
"We, like many businesses, use a third-party for the technology behind this service, and that company, 7.ai, told us recently that they were the victim of a cyber intrusion," Best Buy corporate noted in an official statement. "Their information suggests that the dates for this illegal intrusion were between Sept. 27 and Oct. 12, 2017."
The company went on to note that if, indeed, 7.ai did have its cyberwalls overrun, some Best Buy customers may have had their data stolen. It stressed, however, that "only a small fraction" of its online customer base was impacted, as far as it knows.
Best Buy encouraged its customers to reach out by email or through the company's website should they have any comments or concerns. It also assured those who were affected that they won't be charged for fraudulent purchases, whether done via credit card processing or some other payment means.
This most recent incident is only the latest to affect the retail sector. Other companies that have experienced a breach in 2018 include Saks Fifth Avenue, Panera Bread, Kmart and Sears.
911 Software has the point of sale technology that can help protect customers' data privacy. Click the "Products" tab at the top of the page to learn more.
Cybersecurity isn't an issue confined to consumers or business owners. In one fell swoop, entire cities can be crippled electronically by unsuspecting online users clicking on something they shouldn't.
This is precisely what Atlanta is experiencing after a devastating ransomware attack that has resulted in headaches and hassle for hordes of people.
"The SamSam virus hit Atlanta on March 22."
As reported by multiple sources, city services were stymied on March 22 when a ransomware strain – dubbed SamSam – hit Atlanta's servers. Numerous public officials were locked out of their laptops and handheld devices. Even run-of-the-mill services – like parking meters – were rendered effectively useless. Financial documents for government workers were also hit, preventing some individuals from accessing them.
"Everything on my hard drive is gone," Amanda Noble, Atlanta city auditor, told Reuters.
Noble noted she knew something was wrong right away when she showed up for work March 22, only to discover upon launching her personal computer that it had been hacked.
How ransomware works While there are many strategies cybercriminals use to gain access to private data, ransomware is increasingly popular because of its reach and capacity to cause maximum harm. A type of malware, ransomware produces a screen or image when a computer or server is hit, with verbiage telling the user their software has been compromised and their data encrypted. The only way they can get it back is by paying a dollar amount that the hacker establishes. Security experts note while the monetary demands can be substantial, they're usually not astronomic, as their end game is victims actually coming up with the money. However, even if those affected have the means, there's no guarantee hackers will release the data once payment is made.
"It's extraordinarily frustrating," Atlanta councilman Howard Shook told Reuters. Shook noted the SamSam worm led to the losses of 16 years' worth of digital data.
While businesses and consumers have been the main targets, cities and towns are increasingly in hackers' crosshairs. Last year, Yarrow Point, Washington was hit with a ransomware strain. As noted by StateScoop.com, the mayor wound up paying to get the stolen data back, to the tune of $10,000. Purveyors of the SamSam virus demanded $51,000, according to The New York Times.
"Ransomware attacks rose sharply in 2017."
6 in 10 say they've never heard of ransomware Although ransomware attacks are increasingly prevalent, they're not something that many people have heard about. In a survey conducted by Acronis, 60 percent were not familiar with the term, despite its fallout expected to lead to $11 billion in worldwide losses in 2019. Additionally, forms of ransomware, or variants, rose 46 percent in 2017.
"When it comes to a ransomware attack, prevention is the most effective defense," warned Eric O'Neill, counterintelligence operative who used to work for the FBI. "No business or person is safe. An effective data protection strategy, which includes regularly backing up data and training employees, can go a long way in keeping your data out of the hands of cybercriminals."
Ransomware is an equal opportunity offender, immobilizing servers, mobile devices and even credit card payment processors. 911 Software has the services you need to keep your business – and your customers' financial data – protected.
Relative to other industries, the restaurant and food service sector has remained relatively unscathed from cyberattacks, whether due to more effective credit card processing strategies, compliance or simply good fortune. But major eateries are increasingly feeling the fallout, with Panera Bread the latest victim.
First reported by KrebsOnSecurity, hackers were able to successfully breach Panera Bread's website, surfacing the credit card information specifics of a disputed amount of customers. Not only were their account numbers leaked, but mailing addresses, names and birth dates were exposed as well.
"Panera may have known about the breach since August 2017."
Perhaps the most egregious aspect of the compromise is the fast-casual chain reportedly knew about the breach but failed to publicize it, KrebsOnSecurity reported.
Brian Krebs, cybersecurity writer and purveyor of the website that broke the story, indicated the breach became known to him after receiving an email from a cybersecurity researcher, who said he informed Panera about the matter last summer. Panera IT director Mike Gustavison replied, saying the company was "working on a resolution," but eight months later, the breach hadn't been resolved.
"No, the flaw never disappeared," wrote security researcher Dylan Houlihan to KrebsOnSecurity. " He added in the email that he checked on the status of the situation on a fairly regular basis, once every month or two.
John Meister, Panera Bread chief information officer, told CNBC that the issue when first reported to the company was addressed and contained, but they have since implemented added measures to ensure due diligence.
"Panera takes data security very seriously and this issue is resolved," Meister told CNBC. "Following reports today of a potential problem on our website, we suspended the functionality to repair the issue. Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved."
Panera says breach leaked data on 10,000 customers But there's conflicting information on just how big the breach was. Meister informed CNBC the leak was isolated to 10,000 customers, but Kreb said his intel and sources put the total at 37 million.
The fast-casual bakery and cafe franchise is the latest company to feel the effects of cybercrime. Each passing day seems to bring yet another, and in a variety of industries, like retail, social media, transportation and health care. According to IBISWorld, the entertainment industry, commercial banking, health and medical insurance and big box retail are among the leading sectors that have seen greater amounts of security threats. Target informed customers back in 2013 roughly 40 million customer credit cards and debit cards were exposed, but further investigation revealed the hack involved 110 million customers.
More recently credit agency Equifax experienced a similar incident, wherein follow-up analysis found the breach impacted more accounts than originally presumed. But in March, Equifax announced 2.4 million more customers were affected than its first estimate, putting the total number at nearly 148 million, according to The Washington Post.
Massachusetts set to sue Equifax While a breach may not necessarily result in hackers obtaining consumers' identifiable data, it provides them the opportunity. Those actually affected have turn to the courts for legal recourse. In fact, a state court recently gave the go ahead for Massachusetts to file a class action lawsuit against Equifax on behalf of the businesses and consumers impacted, Reuters reported.
Suffolk County Superior Court Judge Kenneth Salinger, who rendered the decision, noted the lawsuit had standing because Equifax is duty bound to protect the sensitive data of its customers, which it failed to do.
"These allegations state a viable claim for violation of the data security regulations," Salinger wrote in his decision, as quoted by Reuters.
Businesses that neglect to use the proper credit card processing security measures can feel the adverse consequences in a host of ways, including public relations, productivity and earnings. 911 Software provides the tools to keep your customers' data behind closed doors.
Dozens of retailers have been affected by cybercrime over the past decade or so, some on multiple occasions. Luxury brand Saks Fifth Avenue is the latest to fall victim to the pervasive threat, the hacker exposing sensitive data conducted via credit card processing.
Hudson's Bay, which owns both Saks Fifth Avenue and Lord & Taylor, confirmed the security breach took place the final weekend of March, The Wall Street Journal reported, one of the busier periods on the sales calendar given the Easter holiday.
"We have identified the issue, and have taken steps to contain it," the company's spokesman stated, as reported by the newspaper. He went on to mention that the proper authorities have been informed of the breach and the company is doing everything it can to assure customers' protection. This includes Hudson's Bay providing complimentary identity theft protection services, which also features credit monitoring.
"Data breaches are expected to increase in 2018."
Even though most businesses today recognize the threat identity theft poses and have put in place security strategies, hackers are seemingly adjusting to the obstacles thrown in their way. Although it's not yet known what type of breach perpetrators used in this most recent incident, security experts believe ransomware attacks will proliferate in 2018 and beyond. Last year, ransomware cost those victimized $5 billion and in 2019, the financial toll is expected to reach $11 billion, according to Acronis.
Eric O'Neill, data security expert and former FBI counterterrorism and counterintelligence operative, said ransomware attackers don't discriminate.
"No business or person is safe," O'Neill warned. "An effective data protection strategy, which includes regularly backing up data and training employees, can go a long way in keeping your data out of the hands of cybercriminals."
While investigators aren't sure about the means by which the Saks Fifth Avenue breach was performed, they're pretty sure about who's behind it. The group is known as JokerStash Syndicate. Dmitry Chorine, chief technology officer at Gemini Advisory, told the WSJ that this entity was able to skirt past security and tapped into the luxury retailer's point of sales system. He added JokerStash – otherwise known as Fin 7 – has been involved in breaches before, though they were far smaller in scale.
Quarter million credit cards exposed As for how many customers had their payment data outed, Gemini Advisory puts the preliminary total at 125,000 credit cards, The Wall Street Journal reported.
Easter weekend typically sees increased customer traffic for retail stores and chains and this past holiday was no different. Spending is projected to exceed $18 billion, which if reached would be a near all-time high, according to the National Retail Federation. Eighty percent of shoppers were forecast to spend $150 per person, mainly at discount and department stores.
"Customers are urged to check their accounts."
Saks Fifth Avenue has stores in 22 states The Easter weekend breach remains an ongoing investigation. So far, Hudson's Bay says it believes the attack originated from one of its New York locations, The Associated Press reported, but it's also possible it came from a store in the Northeast. Saks Fifth Avenue has a presence in 22 states.
"We wanted to reach out to our customers quickly to assure them that they will not be liable for fraudulent charges that may result from this matter," the company said in an updated statement on April 2 at its website. "Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring."
It added customers should be sure to check their account statements and inform the appropriate credit card issuers immediately if they notice transactions conducted without their prior authorization.
911 Software specializes in processing solutions, providing secure POS systems since our founding in 1995. Contact us to learn more about installing the point of sale system you and your customers can trust.
Today's credit card processing software allows businesses to accept a wide variety of card types. However, with people being creatures of habit, million of Americans prefer to use the same one time after time, according to the results of a recent survey.
"More than 1 in 10 people haven't switched from their preferred credit card in 10 years or more."
An estimated 49 million Americans tend to go with the same credit card when paying for goods or services by credit, based on a new poll conducted by CreditCards.com. Additionally, of the nearly 1,700 adults who participated in the survey, 12 percent said they haven't switched cards in a decade or longer. That's the equivalent of 20 million people in the U.S. who haven't changed cards in 10 year or more.
Diversifying credit card use is best There's nothing inherently wrong with going to the same credit card. But at the same time, credit diversification helps to strengthen credit scores, as the types of credit used is one of the factors credit agencies rely on to determine buyers' three-digit rating, according to Equifax. Other factors include payment history, the ratio between how much credit is used and what's available and account types.
It behooves businesses to accept more than one credit card type, as well, given that there are so many subscribers customers can choose from, not to mention the fact that many buyers do aim to switch up the frequency with which they purchase with one versus another.
More than 2 in 3 Americans pay by credit card Something that most Americans share in common is credit card utilization, viewing it as another way to buy when they're short on cash or shore up their credit scores. The third most common way Americans spend money is with credit cards, according to recent statistics available from Blackhawk Network. In 2016, nearly 70 percent of shoppers paid by credit card on one or more occasions, behind only cash and debit as more frequent payment types.
For more than 23 years, 911 Software has provided merchants with the superior, seamless, reliable card processing services that paying by credit is known for. We're a trusted payment solution firm, boasting tens of thousands of satisfied businesses since launching in 1995.
Card processors are everywhere, making paying by debit a breeze for customers with bank accounts. Recognizing the frequency with which this form of payment is used, fraudsters targeted debit cards last year, resulting in a sharp increase in reported breaches, according to newly released statistics.
"3 in 4 consumers use debit cards to make payments."
TJ Horan, FICO vice president of fraud solutions, noted debit-related breaches have never been more prevalent than they are today.
"The number of compromises and the number of card members impacted set a new record last year," Horan explained in a press release. "While most devices are safe, fraudsters are developing new technology and methods for hacking ATMs."
Consumers these days have a variety of options to pay for goods and services, with debit being chief among them. Seventy-five percent paid with debit in 2016, the most recent year for which data is available, with 87 percent spending with cash, according to Blackhawk Network cash still the most common form, though not as prevalent as in yesteryear. In 2016, the most recent year for which data is available, 75 percent used debit on at least one occasion, according to Blackhawk Network. Eighty-seven percent spent with cash.
Vigilance is paramount In order to guard against being preyed upon, Horan advised consumers must be vigilant about their debit card use and should perform their due diligence by keeping tabs on their checking accounts to ensure that everything looks accurate. Unauthorized withdrawals should be flagged immediately and brought to banks, merchants or other financial institutions' attention.
It's no coincidence that as payment varieties have risen, financial security incidents have followed suit. Perpetrators today have a broader swath of payment vehicles to exploit, evidenced by fraud incidents reaching an all-time high in 2017. Indeed, 84 percent of executives acknowledge they, too, were impacted by fraud in 2017, according to analysis conducted by risk solutions provider Kroll. That's up from 82 percent in 2016.
Data-based fraud also affected everyday consumers at an unprecedented rate in 2017, not just through debit cards. There was an 8 percent increase in identity theft last year, according to calculations conducted by Javelin Strategy & Research, costing victims approximately $16.8 billion.
Although the boom in payment vehicles gives scammers a larger pool of potential victims, consumers and business owners have more tools to keep themselves protected, Javelin Strategy & Research fraud and security expert Al Pascual noted.
FICO offered consumers a few awareness strategies that can be helpful:
Contact card issuers immediately Issuers aren't just there to facilitate a transaction; they're also available for customer assistance and assurance. If you lose your ATM card or have reason to believe it was compromised, inform the issuer about your suspicions and ask for a new card and number.
Get into the account checking habit Online and mobile device tools have made due diligence a snap, but all too often, debit and credit card users fail to utilize them. Log on and take a peek at your account frequently to ensure there haven't been any unauthorized transactions.
Be cautious when withdrawing money from ATMs ATMs get patronized regularly, many open and available 24 hours a day, seven days a week. Before withdrawing cash, ensure no one is peering over your shoulder or invading your personal space. Also, if an ATM looks old, outdated or unusual, steer clear and use one that your financial institution owns or may be affiliated with.
Your customers can protect themselves from the potential for fraud, but merchants can make the payment process more seamless and safe for their customers by investing in the proper card processing software. 911 Software, Inc. has the tools that can help thwart data theft.
From credit card processing to mobile payment technology, consumers these days have a variety of ways in which to pay for products and services. At the same time, these eclectic purchase methods offer cybercriminals numerous opportunities to steal identities, and in 2017, the crime reached an all-time high, according to the results of a recent study.
Approximately 16.7 million Americans were victimized by fraudsters last year, based on newly released figures from Javelin Strategy & Research. That's the largest number of individuals affected by identity theft since 2003, when the San Francisco research and advisory firm first started recording the statistic.
"Identity theft incidents rose in 2017."
It's not as if business owners aren't aware of the threat posed to themselves and to their clientele. Companies have invested millions of dollars into mounting a successful defense against data hacking. However, those seeking to steal sensitive data are constantly refining their strategies in a bid to outmaneuver the obstacles that lie in their path. Unfortunately, they frequently succeeded in 2017, impacting 1.3 million more U.S. consumers last year than during 2016, the report found.
Al Pascual, Javelin senior vice president of research and point person for fraud and security, indicated that last year was a period that con artists will want to mimic in 2018.
"2017 was a runaway year for fraudsters, and with the amount of valid information they have on consumers, their attacks are just getting more complex," Pascual explained. "Fraudsters are growing more sophisticated in response to industry's efforts to implement better security."
Defenses used frequently insufficient It may be that the cybersecurity steps business owners are taking aren't quite cutting it, even though they may seem sufficient at first blush. In a survey the Ponemon Institute conducted and IBM sponsored, nearly 8 in 10 organizations felt like the cyberdefensive strategies they'd implemented in the past year made them more resistant to being preyed upon by data thieves. Yet at the same time, more than three-quarters conceded they didn't have a formal cyber incident response program set up. Additionally, close to 50 percent said their cybersecurity plans were run-of-the-mill regular or so ad-hoc as to be tantamount to nothing.
Ted Julian, IBM vice president of product management, said organizations' belief they're better off today than they were last year may stem from people they've hired who specialize in cybersecurity.
"Roughly 30% of data breaches in 2017 affected credit cards."
Social Security numbers in hackers' crosshairs The ubiquity with which credit cards are used – in person and online – serves as fertile ground for cybercriminals to strike, which may explain why roughly a third of all consumer data breaches are credit card related, the report found. In 2017, however, more people had their Social Security numbers stolen than their credit cards, impacting 35 percent of respondents in the Javelin Strategy & Research analysis.
David Wagner, chief executive officer for email data protection and detection firm Zix, said hackers exploit any and every opening they can, whether it's directed at consumers or business entities.
"Companies need to re-evaluate and prioritize the security of data that is most critical to their success and growth, whether it be intellectual property they're storing in the network or confidential corporate information they're communicating in email," Wagner told Due, an online invoicing platform.
Wagner added that as important as reliable credit card processing software and other security technologies may be, it can't be the only method by which companies shore up their defenses. Businesses must also more regularly and thoroughly review their "corporate governance structure," which when done on a more consistent basis, can provide clarity on what security strategies are working and which could use added reinforcement. As far as software is concerned, it's crucial to keep the mechanisms in place up to date, so push notifications informing users of security upgrades should be prioritized as soon as they make themselves known.
Gross domestic product growth is robust and job creation is swift for the U.S. economy, an encouraging trend that has enabled both businesses and consumers to increase their earning power. But these successes weren't without some adversities along the way, much of it stemming from cybercrime, where companies – and by extension, the country's economy – were bilked out of their hard-earned money, a recent report reveals.
"Data security breaches may cost the economy upwards of $100 billion in 2016."
According to newly released figures from the Council of Economic Advisers, an arm of the White House, data security breaches cost the economy somewhere between $57 billion and $109 billion in 2016, Bloomberg reported. With companies accepting more forms of payment to improve convenience hackers have a greater number of avenues through which to steal identities and make off with sensitive data that businesses keep in their storage systems.
International cyberthreats significant While most of the attacks come from within the U.S., cyberthreats are international, hatched from countries all over the world, including Iran, China, North Korea and Russia, the Council of Economic Advisers detailed in its report.
"These groups are well funded and often engage in sophisticated, targeted attacks," authors of the report wrote. "Nation-states are typically motivated by political, economic, technical, or military agendas, and they have a range of goals that vary at different times."
These attacks come in a variety of forms, the report went on to state, including ransom, where businesses are given an ultimatum: pay up or face the consequences. Those victimized may never get their data back – even if they do pay the ransom fee – or their computer systems may be infected with malicious software.
"The Cost of Malicious Cyber Activity to the U.S. Economy" report also defined the types of actors who participate in these attacks, among them so-called "hacktivists," which the CEA described as typically private individuals who are agenda driven, often politically.
"Cyber threats are ever-evolving and may come from sophisticated adversaries," Bloomberg quoted from the CEA report. "Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate."
"Companies say they've hired more personnel to handle data security."
77 percent admit they don't have a cybersecurity protocol Some companies, however, may not be taking cybercrime as seriously as they ought to be, in effect believing they won't be compromised or simply failing to prioritize protection out of a false sense of security. More than three-quarters of businesses confess they lack a formal cybersecurity plan, according to a separate study conducted by the Ponemon Institute. Nevertheless, 7 in 10 are of the mind that they're in better position to fend off an attack than in 2017.
Ted Julian, vice president of product management at IBM Resilient, which sponsored the study, chalked up business owners' confidence to better staffing, hiring those who are trained to deal with hacks.
IT personnel represent only one part of the data security puzzle. 911 Software has the credit processing software that can more effectively shore up your company's defenses.
With credit card processing fraud increasingly prevalent – as well as other forms of identity theft – IT security experts and buyer-beware consumers are calling on the government to implement more defensive measures through which Americans can protect themselves when buying in store or online. Oregon appears on the cusp of making increased due diligence a reality.
On March 1, the Oregon House of Representatives overwhelmingly passed a bill that, if signed into law by Governor Kate Brown, would require merchants to inform customers of a successful cybersecurity attack within 45 days of its detection. Fifty-eight of the state's lawmakers voted in favor of Senate Bill 1551, with only one opposed.
Although increased scrutiny has been a brewing issue in Oregon for awhile now, SB 1551 got much of its verve after credit agency Equifax reported more than 145 million consumers' credit information had been compromised last year. Indeed, the nickname of SB 1551 is the Equifax bill.
Ellen Rosenblum, Oregon's attorney general, noted in written testimony that consumers in the Beaver State were particularly hard hit.
"1.7 million Oregonians were impacted by the Equifax data breach."
"Oregon fared no better – over 1.7 million of Oregonians' information was breached," Rosenblum stated, according to the East Oregonian. "As one cannot change their Social Security Numbers, this is a breach that will follow Oregonians for many years to come. Not only does the sheer size of the breach cause concern, but the Equifax story revealed many other failures and unfair practices."
The financial fallout from the cyber incident has resulted in class-action lawsuits against Equifax, filed on behalf of the thousands of Oregonians who were adversely affected, according to State Scoop.
"Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach," the text of a lawsuit filed in federal court charges. "Equifax could have and should have substantially increased the amount of money it spent to protect against cyber-attacks but chose not to."
Consumers can have credit frozen for free Should SB 1551 be signed into law as currently constituted, in addition to the 45-day notice required of affected businesses, consumers would have the ability to have their credit identities frozen – and unfrozen – free of charge, according to the Statesman Journal.
Cyberattacks have become frighteningly frequent, especially for consumers who regularly use their debit and credit cards for payment processing. At least 1,579 breaches transpired nationwide last year, according to the Identity Theft Resource Center. That's a near 45 percent increase from 2016, a year which had held the all-time record.
Eva Velasquez, ITRC president and CEO, indicated that part of the notable rise stems from businesses being more forthcoming as to when they've been compromised.
"We've seen the number of identified breaches increase as a result of industries moving toward more transparency," Velasquez explained. "We want to encourage businesses and government entities to continue to provide timely reports to their respective Attorney Generals [sic] so consumers can be better informed on what are the immediate and long-term impacts to their personal information by any given data breach."
Eight states have credit freeze legislation in place Oregon isn't the only state making cybersecurity more of a priority, and in the process, giving consumers and business impacted more outlets through which to address these issues when they present themselves. Indiana, Maine and the Carolinas have laws in place permitting residents to freeze their credit profiles at no charge, as noted by State Scoop. New Jersey, Maryland, New York and Colorado offer similar services but they may be required to pay a fee to have the freezes removed.
Paul Cosgrove, a representative for the Oregon Bankers Association, told the Statesman Journal the Equifax hack was an eye opener because it touched so many lives.
"We are all subject to clever and very smart hackers and we need to be especially watchful to make sure our systems stay one step ahead of them," Cosgrove warned.
While the credit reporting giant initially believed the attack affected 141 million consumer, it announced recently that new evidence suggests it was more pervasive, impacting an additional 2.4 million in the U.S. whose private data was compromised.
In a statement, Equifax interim CEO Paulino de Rego Barros Jr. said the company will do everything it can to protect consumers and inform them directly if their identities have been stolen. The most common data cybercriminals seek are Social Security numbers and credit card specifics. In 2017, more than half of the reported breaches affected victims' Social Security and 19 percent debit and credit cards, according to the ITRC.
The best offense against cyberattacks is through a good defense. Contact 911 Software to learn more about the credit card payment software that can help keep consumers' financial data safe and secure.
Although business owners are adopting more strategies to outwit cyberattackers bent on stealing consumers' sensitive data – such as with credit card processing software – hackers are refining their tactics as well. The lengths to which they've gone were evidenced last year, as data theft incidents reached a regretful record.
There were approximately 1,579 data breaches in the U.S. during the 2017 calendar year, according to recently released figures computed by the Identity Theft Resource Center. Not only was that higher than the total recorded in 2016, but it far exceeded it, jumping 45 percent.
"The business sector felt the majority of data breaches in 2017."
No industry was affected at a more prevalent rate than business. Indeed, 55 percent of breaches impacted the business industry, according to ITRC, with medical and health care in a distant second at 24 percent and banking rounding out the top three (9 percent). Education and government accounted for 8 percent and 5 percent, respectively.
In the health care sphere, insufficient training appears to be exacerbating the cybersecurity issue, according to audit and advisory firm KPMG. Of the 154 health care and science leaders that took part in a recent poll led by KPMG, a slight majority said they weren't aware of what the protocol was for how to deal with these events.
"To borrow a phrase from the movie Cool Hand Luke, 'what we've got here is a failure to communicate,' and that certainly applies to health care organizations in their cyberattack protocols and response plans," warned KPMG cybersecurity expert Michael Ebert. "Health care IT leaders need to communicate more effectively and frequently about the tremendous risks and potential ramifications tied to cyber incidents, and that includes training."
8 in 10 businesses hit by breach worldwide The latest statistics on cybersecurity follows a similarly worrisome report, which showed the vast majority of companies worldwide experienced at least an attempted breach in 2017. According to the Kroll Annual Global Fraud & Risk Report, 86 percent of executives were impacted by an incident associated with the illegal access of financial data, a 1 percent increase from 2016.
When Social Security data is exposed, it can present a host of issues that can be difficult to reverse for those affected. This may explain why this type of data was attackers' prime target in 2017, with 158 million of them uncovered, based on data from the ITRC. Around 20 percent of these incidents were obtained through debit and credit card processing.
Karen Barney, director of program support at the ITRC, indicated that identity theft most definitely falls under the crimes of opportunity banner, as there are numerous avenues through which consumers' sensitive data can be obtained.
"While a Social Security number continues to be the most valuable piece of information in the hands of a thief, even the exposure of emails, passwords or usernames can be problematic as this information often plays a role in hacking and phishing attacks," Barney explained, according to Information Security Media Group.
60 percent of breaches hack-related Hacking was the lead method of operation for cyber thieves, ISMG reported from the study. Around 60 percent of the successful attempts were hack-related, with phishing being the most common at 21 percent. Malware breaches were the second-most frequent at 12 percent, followed by credit card skimming (2 percent).
Eva Velasquez, president and CEO of ITRC, told Information Security Media Group that the best data breach reports are highly detailed, because they provide information on what strategies cyber thieves are using. Fortunately, more businesses are putting this knowledge into practice.
"We're seeing more transparency from companies, including the actual number of records impacted," Velasquez said.
So long as businesses are processing payments, cybertheft is not only possible, it's probable. Get in touch with 911 Software to learn more about implementing an effective and preventive point of sale system.
As local and franchise businesses install top-of-the-line credit processing software, attempting to stay a few steps ahead of identity thieves, lawmakers in Washington are considering passing a bill that would create a national data breach notification system. The thrust of the program would be to create a centralized reporting warehouse consumers and businesses could go to for more information about the latest scam or virus making the rounds. The law would also mandate entities inform their customers about breaches promptly if ever compromised.
But before legislators give it serious consideration, the National Retail Federation is imploring them to leave no stone unturned.
"The NRF says a breach notification system must not leave any holes."
In a statement issued by the world's largest retail trade association, the NRF stressed that in today's day and age, in which cyberscams are rampant, lawmakers can't afford a Band-Aid approach to countering data attacks. In short, if a program is going to be passed, each and every industry needs to be held accountable, as customers have a right to know what's happening with their sensitive financial information.
"American consumers want to know if their data has been breached no matter where the breach occurs," stressed Paul Martino, vice president and senior policy counsel at the NRF. "No industry should be allowed to keep its data breaches secret."
30 states have considered legislation Several states already have data breach notification laws in place, including Delaware, Maryland and just recently New Mexico, according to the National Conference of State Legislatures. Since 2017, nearly two-thirds of state governments have at least considered bills that deal with cybersecurity awareness. No overarching federal law exists as of yet, even though the NRF has long called for a uniform national data breach bill.
Cyber incidents are not only more damaging, they're proliferating, in part because more people and businesses have an online presence. Last year, a whopping 84 percent of companies experienced fraudulent activity that used the internet as a means of entry, according to Kroll.
Hearing on cybersecurity held Feb. 14 The frequency of these attacks is part of the reason why Congress appears to be taking the issue more seriously. Indeed, the Subcommittee on Financial Institutions and Consumer Credit recently convened on Capitol Hill, where discussions were had on how the public might best deter cyberwarfare.
"Every year, the number and severity of data breaches seems to increase, and more Americans seem to become victims of fraud and identity theft," warned Blaine Kuetkemeyer, chairman of the subcommittee. "Consumers are left not only facing financial harm but also the daunting task of restoring the integrity of their personal information."
The ideal strategy is prevention. For more than 20 years, 911 Software has provided trusted payment processing solutions to tens of thousands of merchants. We're constantly refining our systems to help merchants of all types remain vigilant in today's highly connected age.
Last year will certainly go down as one of the more memorable periods for problems plaguing business owners. Wildfires, floods, tornadoes and damaging hurricanes tore a path of destruction that had many wishing they'd better prepared. But Mother Nature wasn't the only threat that was seemingly unrelenting. The ominous clouds of cybercrime left business owners with a real mess on their hands.
In 2017, nearly 85 percent of business owners – including small, midsized and large – were impacted by some variety of cyberwarfare, according to newly released statistics from risk solutions firm Kroll. That's up from 82 percent in the 2016 annual poll and 61 percent in 2012. In fact, cyber incidents have risen on an annual basis for five consecutive years.
"Data theft was the most common cyberattack last year for businesses."
From phishing to ransomware, cyber scams come in many forms and varieties, with some more devastating and hard to reverse than others. In 2017, data theft was the most prevalent type, the report found. Nearly 30 percent of managers surveyed acknowledged they were affected by stolen information, a 5 percent uptick from 2016. The second most common was theft of physical assets, like stocks or bonds.
Jason Smolanoff, Kroll senior managing director and global security practice leader, indicated that as the document and payment processing world leans further into the paperless camp, hackers have more opportunities to wreak havoc and cause panic.
"In a digitized world with growing levels of data creation, collection, and reliance for businesses, information assets have become increasingly valuable and exposed to threats," Smolanoff explained. "Exacerbating the challenge of safeguarding data is that criminals and other threat actors are continually developing new ways to monetize confidential information, including personal data."
States fighting back Business owners aren't taking these attempted incursions lying down, however. In addition to securing high-quality internet security protection they're also obtaining state-of-the-art credit card processing software, which better protects consumers' sensitive data from being illegally accessed. Several states are getting in on the counteroffensive. For instance, in the Commonwealth of Massachusetts, the Attorney General's office just recently announced the creation of a data breach reporting portal. Area firms and organizations are urged to provide an account of what happened promptly should they be impacted by a successful or attempted breach.
In Florida, in partnership and consultation with research and advisory company Gartner, the Florida Center for Cybersecurity newly released a report detailing to what degree local businesses are protecting themselves and the personal data they have on file from customers.
Sri Sridharan, director of the Florida Center for Cybersecurity, said the analysis is meant to supply the Sunshine State's officials with an update on how resilient businesses are to the effects of cyber incidents.
"Good decisions come from good information," Sridharan explained. "For this report, Gartner looked at many aspects of cybersecurity – from education, workforce demand, and economic factors to technical issues such as incident response capability.
He added that given the ubiquity of data theft, consumers, educational facilities and business entities can't afford to be reactive; they must be proactive.
"Attacks are costing businesses more to recover from."
Incidents cost businesses 7 percent of annual revenues Some who may be taking cybersecurity too cavalierly are paying a costly price. In 2017, cyberattacks caused businesses economic losses averaging between 5 percent and 10 percent of revenues, the Kroll annual fraud and risk report found. That's up from a 3 percent average overall in 2016.
Being victimized by a cyberattack can unspool a thread of challenges and liabilities that can be next to impossible to control once hackers find an opening. Credit card payment software from 911 Software can help you stay one step ahead. Learn more about our products, processors and services at the top of our homepage.
If Massachusetts-based businesses encounter a security breach, in which their in-store payment processing software is hacked or are victimized via e-commerce channels – they now have a local outlet through which to report such a crime.
The Bay State now has a Data Breach Reporting Online Portal, the Office of the Massachusetts Attorney General recently announced. By dialing up the website – located at Mass.gov – affected companies can provide details on the nature of the security breach, how many people were affected and what, if any, steps were implemented to stop the attack or make the appropriate parties aware of what happened.
Maura Healey, Massachusetts' attorney general, indicated both business owners and consumers in the Bay State ought to have every resource available to them to stop these vicious attacks that can prove ruinous to individuals' credit and business owners' public persona.
"Data breaches are damaging, costly and put Massachusetts residents at risk of identity theft and financial fraud," Healey warned in a press release. "So it's vital that businesses come forward quickly after a breach to inform consumers and law enforcement.
Time is of the essence when financial accounts are attacked, Healey added, which is why the newly installed data breach reporting portal is a vital tool of which business owners should make full use.
Even though identity theft awareness has improved, hackers are constantly refining their strategies, aiming to exploit vulnerabilities that either customers or organizations neglected to address. Attacks come in a variety of forms, with some varieties being more ubiquitous than others. For instance, in 2017, ransomware incursions jumped 93 percent from the previous year, according to estimates from software solutions firm Malwarebytes. They rose 90 percent among businesses.
90 percent increase in ransomware attacks for businesses Ransomware attacks have been around for awhile – tracing back to the late 1980s – but they've grown in popularity along with online access, creating outlets through which hackers can strike. They're done by tricking online users into clicking on a link that looks benign, but in reality installs software that effectively hijacks the system. Only the attacker knows how to free the data and demand payment for the information stolen to be released. Even after paying the ransom, though, there's no guarantee the stolen data will be released or fully recovered.
Breaches are equal opportunity offenders, impacting ordinary citizens, consumers and business places of various sizes. In Massachusetts, at least 21,000 instances of data being compromised were reported to the attorney general's office. More than 3,800 transpired in 2017, which wound up adversely impacting in excess of 3 million residents throughout the state.
Keep customers in the loop The National Cybersecurity Alliance advises business owners to make every effort in ensuring their customers know how their financial information is stored so individuals can take the appropriate precautions. For instance, instead of using debit cards for payment – which may be more vulnerable to a breach than other payment methods – credit cards can be a safer alternative, data security experts advise.
To learn more about implementing credit processing software that guards against security leakages, contact us at 911 Software online or by calling directly.
The breach was initially investigated by Brian Krebs, former investigative reporter for the Washington Post and owner of cybersecurity news site Krebs On Security, which broke the story on Sept. 17.
According to his report, multiple financial institutions told Krebs about multiple financial institutions that a pattern of fraudulent transactions stemming from cards used at some of the 3,500 nationwide Sonic Drive-In locations. Upon further investigation, he found that many cards previously used at the restaurant appeared on the site Joker's Stash, a black market hub that allows criminals to buy card information stolen from unsuspecting consumers. The swiped data can then be copied onto blank cards and used freely and fraudulently.
The stolen accounts were categorized by their geographic locations. Offenders could then purchase cards stolen from people that lived near them to avoid an anti-fraud provision which flags or blocks suspicious transactions occurring in locations distant from the card holder's address.
Point of sale processors targeted for customer account information
"Hackers targeted the restaurant's payment processors by remotely spamming terminals."
Krebs notified the company of his findings and a representative provided him with a statement.
The statement noted that during the week prior, the company's credit card processor informed them of suspicious activity occurring with credit cards used to make purchases at the restaurant. Law enforcement and a third-party forensics team was then contacted following the news. During these investigations, policing agencies limited the amount of information the company was able to disclose, but it said it would provide details when they were able.
Sonic then released public statement on Oct. 4 officially acknowledging the data breach. The announcement said the company was still working with authorities and offered free fraud protection to affected customers, but had no additional information on which stores were affected and how many cards were compromised.
Hackers targeted the restaurant's payment processors by remotely spamming terminals with malware, which copied customer account data stored on a card's magnetic strip. According to Nation's Restaurant News, the company recently installed new POS processing systems at 77 percent of its locations. The updated technology was meant to reduce costs and replace the previous Micros Oracle platform, which was over 30 years old. It is still unclear whether the data theft occurred through the new processing units or ones the company has yet to replace.
It's important that companies have the most up-to-date payment processing software available to reduce the chances of falling prey to attacks by malicious hackers. The more secure a payment system is, the more secure customer and company data is.
The deadline for gas stations to implement EMV technology was originally set for October. However, in December 2016, Visa and Mastercard announced they would push the deadline back by three years.
The deadline's extension came as a result of gas station operators expressing their frustrations because they would not be able to fully implement EMV systems into their pumps in time, according to Bloomberg. Many older pumps would need to be wholly replaced, and removed from their concrete bases. The estimated cost to replace these pumps is $30,000 per gas station.
"Criminals have increasingly replicated customer cards with magnetic strips"
High costs being paid by customers for lack of EMV technology
The costs involved with EMV implementation, and its delay, affect not only gas station operators but banks and customers as well.
EMV cards create a unique code for each transaction, making credit and debit cards much more secure than their magnet based counterparts, which have a set code that can be easily duplicated.
CreditCards.com reported, criminals have increasingly replicated customer cards with magnetic strips at pump stations using what are known as skimming devices. Thieves attach one or sometimes multiple illegal gadgets to the internal computing systems and POS card processing terminals at gas pumps. Once installed, the inconspicuous devices copy card information from each transaction at the pump and store it on a microchip that someone comes back to retrieve.
In more recent cases, criminals have used skimmers that wirelessly send card information to a mobile device via Bluetooth or SMS text, making it so that no one needs to fetch the equipment, according to Krebs On Security.
Fueling stations in particular make for easy targets because most pumps have not yet been fitted with EMV technology and they are used by scores of customers throughout the day.
"The devices are being found at small merchants, large merchants, urban, rural, new and old convenience stores, so nobody is exempt," said Kara Gunderson, point-of-sale manager for Citgo Petrolum Corp., to CreditCards.com.
Until the gas station EMV implementation deadline is surpassed in 2020, banks are responsible for covering any stolen funds from the use of magnetic strip cards. After the cutoff date, reimbursement falls in the hands of the station from which the theft originated.
The longer it takes gas stations to transition from magnetic strip readings to EMV technology, the more opportunities criminals have to take advantage of their customers.
Merchants just like you work hard to engage customers, bring them into your storefront and capture sales. There's plenty of time and effort involved in every aspect of managing your business and convincing customers to make purchases. The last thing you want to deal with is a situation where a customer who is ready, willing and able to pay for a purchase can't do so because your card processing software can't connect to the internet and complete the transaction.
How can businesses deal with this potentially frustrating situation that can easily lead to both lost sales and upset shoppers? A payment processing software that can securely capture payment details and store them until the connection is re-established is a major benefit.
Store and Forward keeps businesses running smoothly
"Store and Forward means your business can always accept payments."
When your payment solution can't connect to the internet, there's no convenient or effective way to immediately process a payment and send a customer on his or her way. The alternatives are simply to say you can't make the sale, or have credit card payment software in place that can pass the information along, maintaining informational security throughout the process, once the connection is restored.
In many ways, this is an easy decision for merchants to make. There's no reason to turn down a shopper's intended purchase and send them away empty-handed if an alternative is in reach. Store and Forward is just such an option, one important element of the many advantages 911 Software offers to the businesses with which it partners.
The functionality is simple – the information necessary to process the payment is held until it can be sent along – but its value can't be overlooked. Whether there's a technical issue for your business or internet service provider, a partial power outage, or a physical problem with a hardwired connection, modem or router, Store and Forward keeps revenue coming in and customers happy.
This simple addition to credit card processing software provides an immediate benefit and, perhaps more importantly, a sense of security. Knowing your business can always accept payments – and do so regardless of nearly any other external factor – means resting assured in your ability to confidently complete transactions. It also means sending customers out the door with their purchases in hand and smiles on their faces.
EMV compliance is still a hot topic in the retail and financial services industry. Some organizations have yet to make the transition, and with consumers across the country holding EMV-compliant chip cards, now is the time to adopt this technology.
Some of the most compelling reasons behind EMV involve statistics. Let's take a look at a few important numbers surrounding the transition to EMV today:
9.9 percent CAGR: An expanding market
According to a new report from Market Research Hub, the global EMV point-of-sale terminal market is on track to expand at a compound annual growth rate of 9.9 percent through 2021. This growth is spurred not only by the push toward EMV compliance and adoption of EMV technology, but by contactless payments as well.
"It is well known that today's payment industry is ever-changing and with the increased penetration of contactless payments by consumers, payment gateways and network providers are adopting payment mechanisms involving cards which have become a key trend for market growth," Market Research Hub noted.
600 million chip cards issued
CreditCards.com reported that more than 600 million chip cards have been issued thus far to American consumers. This includes 77 percent of credit cards and 38 percent of debit cards issued by September 2016.
2 million POS terminals
Today, only an approximate 38 percent of retailers are able to process EMV payments with the 2 million EMV-compliant POS terminals currently in place in the U.S. This means that there are still an estimated 15 million terminals in need of an upgrade, according to CreditCards.com.
42 percent of retailers
Surprisingly, there are still some retailers that don't believe in the security benefits of EMV payment process. In fact, Ingram Micro Advisor reported that 42 percent do believe that EMV will make a difference in fraud protection, and the same amount do not.
"Hackers are now having a harder time creating knock-off payment cards."
For those still doubting the advantages of EMV, there are a few crucial things to understand. In addition to the chip itself, customers also enter their PIN for each transaction, further reducing the chances of fraudulent activity. EMV chips are much more secure than magnetic strips, and are much harder for cybercriminals to breach and reproduce. This means that hackers are now having a harder time creating knock-off payment cards with stolen credentials, reducing overall cases of fraud.
60 percent reduction in fraud
Proving the security benefits of EMV is this statistic released from Mastercard. The financial service provider found that fraud has been decreased by 60 percent in terms of dollars among the top five EMV-compliance merchants, PYMNTS reported.
EMV adoption is still underway, and there is no better time to make the switch than now.
It has been over a year since the official EMV liability shift took place. The deadline, October 2015, signaled that businesses and retailers that don't have EMV in place will be liable for the costs of fraud, and not the financial institutions that support customer payment cards.
This was a big deal for the retail industry, as well as for any company that accepts credit and debit card payments. The shift represented the push that many organizations needed to invest in upgraded, EMV compliant point-of-sales systems.
And while adoption is still underway, there's one more factor to consider here: your customers. The official liability shift isn't the only reason to put EMV payment processing in place. Your customers will appreciate it as well! Let's take a look at just a few of the reasons consumers will thank you for enabling them to use their chip payment cards:
Dip or swipe?: Eliminate confusion once and for all
By now, we've all been on the receiving end of this situation: You approach the register, ready to pay for your merchandise. The cashier tells you your total, but when it comes time to pay, you see that the payment terminal accepts both swipe or dip, EMV-supported transactions. So should you swipe your card, as usual, or use the new dip slot for your EMV chip?
"Customers will thank you for eliminating the awkward confusion that can take place at checkout."
According to CBS, this scenario is more common than ever, and can be incredibly frustrating for customers. Currently, there are 5 million EMV-compliant payment terminals at American retail stores, but only 1 million of those accept chip payments.
If your store is EMV ready, you may have to coach your customers for their first few transactions ("Feel free to insert your card into the chip reader at the bottom of the terminal instead of swiping."), but eventually, they'll catch on. And they'll thank you for eliminating the awkward confusion that can take place at checkout.
Ensuring security: A step forward for data protection
Most customers are beginning to understand the need for more secure, EMV chip cards. Besides receiving information about the new chip feature from their bank or financial service provider, many consumers have heard stories about point-of-sales malware, retailers under attack by cybercriminals and the potential that exists for compromised customer payment cards.
For these reasons, providing support for EMV payment card processes can signal your business's commitment to your clients' data security. While many card holders know that EMV chip cards are safer and can help better protect their personal information, they may not know the details behind the new payment processing technology, and that's OK. But you'll know that by accepting EMV chip cards, you're helping to put in place a multipronged payment card security system that seeks to eliminate fraud. According to EMV Connection, EMV boosts the security of payments by authenticating the card itself, the cardholder, as well as the individual transaction, and it makes it nearly impossible to duplicate a card for counterfeit activity.
Overall, EMV payment processes has much to offer today's retailers and service providers. Although the shift in liability is as good a reason as any to make the transition, the appreciate of your customers is another compelling factor to keep in mind.
For the past few months, EMV-compliant payment card processing has been a main focus for retailers across the U.S. With the deadline for transition passing last fall, many merchants are in a hurry to ensure their compliance, and boost security for their customers.
However, EMV wasn't the first security system to be put in place in respects to payment cards. Today, we'll take a brief walk down memory lane, and examine the technologies that led up to this crucial new payment processing technology.
Analog and electronic: The early years
Before the 1950s, the main form of payment was cash. Retailers only had to worry about stocking their registers with enough bills and coins to provide change. By 1959, though, all this changed with the emergence of plastic payment cards. Security measures like the signature panel on the back of the card, embossing and microprint wouldn't come until the 1970s.
The next major developments were made in the mid 1980s, when real-time electronic authorizing was made available in 1985. This was followed in 1990 by the Card Verification Value (CVV) security code, which was used on magnetic strip cards as an extra security precaution.
The birth of EMV
According to Visa and and EMVCo, the first EMV security was first widely introduced in 1994 when major financial institutions – Visa, Europay and Mastercard – provided specifications for card chips. According to Visa, this development actually occurred one year previous to the use of PINs at points-of-sale to help better safeguard cardholders.
EMV technology became instrumental in France in 1994, when every bank in the country began supporting chip card specifications for payment.
"Through issuing chip cards with PINs, the French were able to dramatically reduce fraud due to counterfeit, lost and stolen cards," Chase stated in a whitepaper.
Following its success in France, chip card technology then spread across Europe, with card holders and financial institutions enjoying reduced card security issues alongside more staunch payment card processing protection.
"Now is the time to transition to an EMV payment card processing system."
The push for EMV chip cards became a prime focus in the U.S. in 2015, when a deadline was put in place to signal a shift in liability. By October of that year, every retailer that hadn't upgraded its payment card processing technology to an EMV-compliant system was liable for fraudulent activity.
Transitioning to EMV
Despite a shift in liability, some retailers still haven't put EMV-compliant payment card processing technology in place. In fact, Business Insider reported that only 7 percent of all card transactions in 2016 were made through EMV point-of-sales systems. By comparison, chip cards contributed to 75 percent of all transactions in Europe, 89 percent in Africa and the Middle East and 88 percent of card purchases in Canada over the same time period.
In order to best safeguard against fraudulent payment card activity and offer the strongest available protection for your customers, now is the time to transition to an EMV payment card processing system.
Although EMV cards offer enhanced security for retailers and consumers, some have noticed it takes a little while longer to process payments.
Retailers around the country have adopted EMV chip credit card processors to shield themselves from liability if fraud should occur. These cards offer significant protection against fraud during card-present transactions, but some people have complained about a slightly increased wait time at the checkout counter.
EMV cards do take a little bit longer to process because chip cards transmit an encrypted code that changes with every new transaction, Petoskey News Reported. Although these transactions typically only take a few seconds longer to finish than a swipe purchase, many customer have not been shy about voicing their displeasure with the increased wait time.
Because of EMV cards, the average consumer will spend an additional five-and-a-half hours in the checkout line in 2016, according to a report from payment processing company Cayan. Altogether customers will spend an extra 116 million hours in line due to EMV delays, the source noted. But the slower checkout times have less to do with EMV technology itself and more to do with the nature of a particular business, according to Banking Exchange.
"If you are in a fast-paced, high volume market, a slow speed of transaction will be a detrimental part of it," Sherif Samy, managing director of transaction security operations at Underwriters Laboratory, told Banking Exchange. "If you are in a merchant environment and you would like a dialog with the consumer, then it is less critical. We can't generalize EMV speed of transactions."
Visa and Mastercard – two major companies pushing for EMV adoption – announced earlier this year that were working on technology improvements that should reduce the amount of time it takes to complete an EMV payment.