DALLAS (12/14/15)--Cyberthieves have been dining out on restaurant chain point-of-sale (POS) systems recently--a trend that has analysts growing increasingly concerned about data security at smaller, regional merchants and restaurant chains.
The Elephant Bar restaurant chain, the latest target, acknowledged last week that a POS malware attack had occurred at 20 of its locations in November. The affected restaurants were in California, Colorado, Arizona, Florida, Missouri, Nevada and New Mexico (CUInfoSecurity.com Dec. 10).
The incident follows breaches at chains such as P.F. Chang’s and Jimmy Johns, and Al Pascual, director of fraud and security at Javelin Strategy and Research, said POS malware attacks are becoming a more attractive option for hackers.
“I’m wondering how many more of these we will need to see before restaurants come around to EMV,” Pascual told CUInfoSecurity. “Going with a contactless EMV terminal would accommodate growing use of mobile-proximity payments like Apple Pay, which will represent 1.3 billion total transactions in the U.S. by 2019, and reduce the risk of breaches, as EMV data is significantly less attractive to compromise.”
CUNA advocates for the implementation of EMV and other security technologies. However, the nation’s largest credit union trade association strongly believes that implementing these technologies will far from secure the payments system. The massive Home Depot and Target breaches in recent years, for example, would not have been prevented by the presence of EMV.
Elephant Bar, meanwhile, said the malware installed on its POS terminals was designed to scoop up card information, including cardholder names, payment card account numbers, card expiration dates and verification codes.
“Although this incident did not include Social Security numbers, addresses or other sensitive personal information, as an additional precaution we are providing information and resources to help customers protect their identities,” a spokesperson for the restaurant chain said.
The spokesperson also said the chain was not yet aware of how many cards have been affected.
CUNA continues to press lawmakers to pass legislation that would require merchants to uphold the same stringent data security standards imposed upon financial institutions. Gaps in the payments network will remain until merchants are held to the same strict standards, CUNA has said.