Lessons of a Bookish Breach
The Barnes & Noble Credit Card System Breach
You may have read in the news this week about another breach in a merchant credit card system, impacting 63 Barnes & Noble outlets nationwide. The breach and its consequent damage, contained since the original hack in September, only came to light recently following FBI investigators’ recommendations. Hackers compromised customer swipe machines at various Barnes & Noble locations, capturing and using account information for brief periods during the fall before curtailing their activities.
Encryption and Consumer Notification Laws
What was interesting is that while states, including California, require that companies notify customers of a breach if their names are breached in association with other info such as credit cards, or driver’s license or Social Security numbers, many states make an exception for encrypted information. As long as companies shroud their consumer information in basic encryption, they don’t have to tell the customers themselves about the breach. So as a customer, it might be possible that you’d never hear of a breach of one of the databases your various numbers reside in.
The Growing Ineffectiveness of Encryption
And yet, as a New York Times article on the B&N hack reported, “Attacks on point-of-sale systems are growing exponentially,” according to Tom Kellermann, a vice president at the security company Trend Micro. According to the article, “Mr. Kellermann said this was, in large part, because encryption no longer provided a deterrent for skilled hackers.” Which brings up the somewhat daunting prospect that state laws which assume encryption is “safe,” in terms of the need for timely action on behalf of consumers, may themselves become as antiquated as the “signature” method is, in terms of guarding against credit card fraud, whether you accept online payments, or only have brick-and-mortar retail merchant accounts. Or both.
AVP Solutions’ Commitment to Fraud Protection
Here at AVP Solutions, we take pride in knowing that our own fraud solutions are some of the industry’s best, in terms of protecting our own merchants from credit card fraud. If you’d like to keep up, be sure and contact your AVPS rep today, to make sure you’re as fully protected as you can be. After all, of course you want up-to-date merchant services. But you don’t need a book to tell you you want them to be safe, too.