As the Fourth of July draws near, America is busy planning for the celebratory festivities. At the lake, on the beach, or at the neighborhood barbeque, we celebrate America’s birthday in a big way. In fact, the average family ends up spending $318 on the 4th of July and Americans as a whole spend $645 million dollars on fireworks alone!
While we are enjoying this patriotic holiday with our friends and family, hackers are busy planning some festivities of their own – stealing credit card data.
Nothing is sacred in the minds of cyber criminals, and the latest news about the possible security breach at Hershey Park should come as a clear reminder that cyber criminals will indeed hack anyone that is vulnerable.
Proving that hackers will literally go after any target, officials are now investigating whether or not Hershey Park – a popular amusement park and resort area in Hershey, PA – has been successfully breached by cybercriminals.
According to security blogger Brian Krebs, Hershey has hired a security firm to investigate reports about a possible credit card breach.
“We have received reports from some of our guests that fraud charges appeared on their payment cards after they visited our property,” said Kathleen McGraw, director of communications for Hershey Entertainment and Resorts Company.
Sources at some of the banks that contacted Hershey noted a pattern of fraudulent activity on the cards of customers who had visited the park between mid-March and May of this year. That pattern of theft seems so far to have been focused in the immediate vicinity. According to the banks, the cards were used at a variety of Hershey locations, including food and beverage outlets, ticketing stations and the Hershey Lodge.
As the investigation unfolds, we will see a clearer picture on the fraudulent card activity pattern at Hershey Park, but what is certain is that data theft continues to be rampant. In 2014, there were 783 U.S. data breaches reported, and 2015 has already reached 380 reported breaches.
Costs associated with a breach unfortunately do not become clear until the damage of a breach has been done. The Ponemon Institute and Symantec put out a recent study showing that the cost of breached credit data is $217 per unique transactions. So, as an example, for a large merchant processing 2.5 million transactions per year, the breach cost would total $502 million.
The Identity Theft Resource Center (IRTC) reports that 90% of breaches are occurring in the merchants’ point of sale system (POS) where criminals install malware to steal clear-text cardholder data. Hackers transport the data out of the merchant POS to their servers, where card data is sold online for fraudulent use.
Ok, enough doom and gloom on the 4th of July. Breaches are bad news, but the good news is that merchants of all sizes can protect themselves from malware in their POS system. The PCI Security Standards Council (PCI SCC) – the gold standard in payment security – recommends PCI-validated Point-to-Point Encryption (P2PE).
Bluefin Payment Systems PCI-validated P2PE solutions encrypt cardholder data at the Point of Interaction (POI), preventing clear-text cardholder data from being present in a merchant’s POS system, therefore inaccessible to hackers!
The PCI SCC provides guidance on how businesses can ensure your organization has the proper security controls in place to prevent a breach caused by malware. Also, learn more about Bluefin’s suite of P2PE solutionsfor integrated, mobile and omni-channel retail payment offerings.
If we needed another reason for fireworks, P2PE is it! Have a happy and safe 4th of July America.