Cici’s Pizza Data BreachMiCamp Solutions
Cici’s, a national pizza chain, was recently the victim of data breach caused by malware-infected point-of-sale (POS) systems at an estimated 140 restaurants throughout the United States. The company made a statement letting customers know that their payment card information may have been compromised in the attack.
In the wake of the breach, Cici’s hired an independent cyber security firm to remove the malware and make sure their systems were operating normally. The company reassured their customers that the malware was removed from their payment systems and encouraged all customers to report any suspicious activity on their credit card statements.
According to Cici’s, “the vast majority of the intrusions began in March of 2016,” though some locations were breached months earlier. “Point-of-sale based malware has driven most of the credit card breaches over the past two years, including intrusions at Target and Home Depot, as well as breaches at a slew of point-of-sale vendors,” Brian Krebs reports. Loading malware onto POS terminals can be highly lucrative for criminals, since the malware can be difficult for merchants to detect and the criminals are able to capture payment card data remotely from each card swiped at the POS.
Criminals are constantly coming up with new ways to gain access to payment data. By utilizing EMV, end-to-end encryption, and tokenization, a merchant can make sure they are not processing, transmitting, or storing payment information in their environment. EMV produces a unique transaction code each time a payment is made, making it much harder for criminals to use the card data to create counterfeit cards. End-to-end encryption protects card data by encrypting the information from the moment a card is swiped or dipped. Tokenization replaces card data while it is being stored in the merchant’s environment with a random alphanumeric string. While these technologies will not protect POS systems from malware attacks, like the one Cici’s experienced, they help make sure that any data that is stolen is useless to criminals.
Protect your business and your brand with an EMV- and PCI-certified solution. Contact MiCamp today to learn more.