September 28, 2017
Restaurant chains continue to be targets of hackers providing ammunition in the form of stolen payment card information to commit fraud against e-commerce retailers. The most recent network intrusion victimized fast-food chain Sonic and its customers in 45 U.S. states. The extent of the breach is unknown as the investigation continues, but Sonic acknowledged the breach and indicated in published reports that it uses a single POS system for the majority of its approximately 3,600 locations.
While account takeover fraud is top of mind as hackers increasingly target personal information to leverage the higher levels of monetization it can produce, stolen credit cards used to commit the more familiar card-not-present fraud at the transaction level remain a significant problem. Hackers still go after companies like Sonic (restaurant and hotel chains seem to have become the retail victims of choice) and still commit CNP fraud in large numbers. One study from earlier this year found payment card data was still the primary type of information stolen in most breaches, while many of the highest profile breaches like Equifax and Yahoo yield more PII.
While ATO accounts for an increasing share of the fraud CNP merchants face, the bottom line is they are still at risk of criminals trying to monetize stolen credit cards. As always, year-round vigilance, preparation and a layered defense are a merchant’s best weapons in the fight to protect their companies’ revenue.