This week we learned of another fairly sizable card data breach involving merchants using Harbortouch point of sale systems. Over 4,200 merchants were involved and financial institutions are already seeing fraudulent transactions. The number of compromised cards has not yet been quantified.
Harbortouch confirmed the breach in a statement to Krebs, saying,
“The incident involved the installation of malware on certain point of sale (POS) systems.” They added, “The advanced malware was designed to avoid detection by the antivirus program running on the POS System. Within hours of detecting the incident, Harbortouch identified and removed the malware from affected systems.”
For issuers, instances like this remind us that breaches don’t have to be national in scope or involve a well-known retailer to be very concerning to cardholders. A good cardholder plan of attack should be put in place because, unfortunately, this will not be the last incident. Preventative fraud measures such as limiting transaction amounts and requiring PINs for all debit card transactions help, but are not convenient for the customer. A rapid approach for getting new cards back in the hands of cardholders, perhaps an EMV card, is also needed so your particular payment product doesn’t get relegated to the back of their wallet.
Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group
Read the full story