Lessons of a Bookish Breach

As you may have been reading in the news this week, there’s been another breach in a merchant credit card system, this time hitting 63 Barnes & Noble outlets across the country. While the breach — and resultant damage — seem to have already been contained (since the original hack occurred in September, but wasn’t announced until now, per the wishes of FBI investigators). Customer swipe machines at various B&N’s were compromised, and sent account info to the hackers themselves, who seem to have briefly used the information for purchases throughout the fall, though those curtailed.

What was interesting is that while states, including California, require that companies notify customers of a breach if their names are breached in association with other info such as credit cards, or driver’s license or Social Security numbers, many states make an exception for encrypted information. As long as companies shroud their consumer information in basic encryption, they don’t have to tell the customers themselves about the breach. So as a customer, it might be possible that you’d never hear of a breach of one of the databases your various numbers reside in.


And yet, as a New York Times article on the B&N hack reported, “Attacks on point-of-sale systems are growing exponentially,” according to Tom Kellermann, a vice president at the security company Trend Micro. According to the article, “Mr. Kellermann said this was, in large part, because encryption no longer provided a deterrent for skilled hackers.” Which brings up the somewhat daunting prospect that state laws which assume encryption is “safe,” in terms of the need for timely action on behalf of consumers, may themselves become as antiquated as the “signature” method is, in terms of guarding against credit card fraud, whether you accept online payments, or only have brick-and-mortar retail merchant accounts. Or both.

Here at AVP Solutions, we take pride in knowing that our own fraud solutions are some of the industry’s best, in terms of protecting our own merchants from credit card fraud. Those solutions are constantly being updated — just as, sadly, hacking methods are. If you’d like to keep up, be sure and contact your AVPS rep today, to make sure you’re as fully protected as you can be. After all, of course you want up-to-date merchant services. But you don’t need a book to tell you you want them to be safe, too.

Leave a Reply

Your email address will not be published. Required fields are marked *