A welcomed response, PF Chang's
UPDATE:
http://pfchangs.com/security/
PF Chang's has posted a public response. In summary, the Secret Service contacted them on June 10th, and they have confirmed the breach. Time to change CC number... 'again' :(
-------
Krebs is running a story about the recent data breach at restaurant chain PF Chang's [1]. As it so happens, we decided to have lunch there today, and I asked one of the managers whether she had been briefed on the breach. She had been informed.
I observed two things of note at lunch: one, people were still paying with credit cards; two, what came back was a pleasant and welcome surprise. The bartender placed the bill down along with a manually run credit card from one of the ol' school card imprinters [2].
The extent of the breach is still under investigation according to the general manager of the PF Chang's we frequent, and it is time to change the CC ... again ...
Maybe we should keep a "breach causes CC change" scoreboard :( [3]
[1] http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/
[2] http://www.amazon.com/Addressogragh-Bartizan-4000-Imprinter-Without/dp/B0057YIHMM
[3] https://www.privacyrights.org/
Richard Porter
--- ISC Handler on Duty
Comments
http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/
I mentioned this handler's entry as well. Thanks.
Anonymous
Jun 13th 2014
1 decade ago
But that's no reason to halt progress.
Anonymous
Jun 15th 2014
1 decade ago
Here in Denmark, all CC payments are chip and PIN. The reader/pinpad is an integrated device, which does not send any card data, except maybe 6+4, back to the store computer. It communicates directly (internet or dial-up) with the payment provider (bank owned), using certified and validated encryption.
Internal communications inside the terminal are also supposed to be encrypted. And firmware upgrades are digitally signed.
As a retailer who never sees the CC numbers, I do not understand why VISA and Mastercard still require me to be PCI compliant and pay for external audits. If they did their job well enough in certifying my payment terminals, there is absolutely no risk here.
VISA/Mastercard should demand security as in Scandinavia (Denmark/Norway/Sweden), and not crappy solutions from 1980, as seems to be the standard in the US.
Anonymous
Jun 17th 2014
1 decade ago