You may have never heard of Harbortouch Security, but the chances are very good that your credit card has danced at least once with them. The company provides point-of-sale (POS) systems (aka, “those newfangled cash registers”) to around 150,000 businesses, mostly restaurants and bars. When several banks discovered breaches in at least 4,200 of their customers’ accounts, they started to suspect that the credit card processing company had been compromised.
Malware in Point-of-Sale Systems
It appears the credit card hackers designed a malware to target POS terminals at the businesses Harbortouch serves. The malware scrapes data from each credit card swiped, and sends it off to the bad guys without a trace (akin to what happened to Target last year when their POS system was hacked).
Harbortouch confirmed the breach, saying, “The advanced malware was designed to avoid detection by the antivirus program running on the POS System. Within hours of detecting the incident, Harbortouch identified and removed the malware from all of their affected systems.”
Holes in the Software
While Harbortouch’s own network was not affected, it appears that the hack was due to a vulnerability in their software. In the biz, we call these flaws in the software “holes.” Security holes running on the server are the number one way for online hacks to worm their way “into the system.”
To sort out what happened and close the holes, Harbortouch hired a network forensic investigative firm.
The company is also coordinating efforts with law enforcement to assist them in their investigation. Luckily, Harbortouch stated that only a small percentage of their customers were affected.
Fool Me Once….
You would think Harbortouch would have learned their own lesson by now. Why do I say that? A few months ago, a breach was discovered at POS terminals at the restaurant chain P.F. Chang’s. Harbortouch was quick to point fingers at the restauranteur on their corporate blog, emphasizing the importance of data protection and instructing how to avoid data breaches.
Recently, some banks were set on high-alert after many stolen cards were used to buy goods at big box stores, like Wal-Mart. The banks instituted major changes to the way they process debit card transactions, yet the fraud remains unexplained.
Hopefully, we’ will see fewer of these types of breaches in the future but for now, most credit cards in the United States are not embedded with chips to ensure that the card is real, and not just a number stolen from swiping. That will be changing this year.
Regardless, it’s important for all of us to always keep track of and review our credit and debit transactions and watch out for fraudulent charges!