Credit Card Breach at Chick-fil-A

CommanderFrank

An investigation is underway at Chick-fil-A headquarters into the ‘possible’ breach of security where suspicious activity with 9K credit cards had occurred, mainly centered in stores in four southern states and Pennsylvania.

Still, Chick-fil-A's admission is a little less forthright than that, merely pointing out that this is a "potential data breach" and claiming that an investigation is underway.
 
And the question I always ask is WHY does any store need to keep your credit card information?
 
And the question I always ask is WHY does any store need to keep your credit card information?

While a good question, nothing in the article indicates a DB with full credit card info was hacked.

Could be a software-based skimmer, which I believe is how Target was compromised...

Also, returns are a reason why card info is kept, though that doesn't make much sense in this case. Not saying the ability to return funds to a card warrants the risk, mind you...
 
Who wants to bet money that "9,000" cards today becomes 1,000,000+ by the end of the month?
 
Glad I only buy my hate sandwich and bigot fries at Chick-fil-A's in the south.
 
And the question I always ask is WHY does any store need to keep your credit card information?

Because they didn't. The compromise, and there is one, was at the POS. The cards are being compromised by capturing the card data between the POS (point of sale, the device they are swiping your card on, etc.) and the card servicing company, and then sending the data to an offsite server in batches, not by stealing the data from some card data pool.

Days behind

Two months behind.
 
Of course soon we'll find out that...
[image: tumblr_lwhv2roIab1qd47jqo1_500.gif]
 
I still blame our mag stripe setups. Why can't we do chip + PIN or chip and signature like Europe yet? Oh right, because it costs too much :/
 
And the question I always ask is WHY does any store need to keep your credit card information?

In this case it wasn't about stored cards, as others have mentioned, but I do have an insider's perspective on why some companies do this.

The short answer is laziness and ignorance. I worked for a company that wrote down on paper every single detail of a person's credit card info when taking phone orders. The excuse was that the person taking the order couldn't type fast enough to enter the numbers on a computer, and they didn't want to ask the customer to repeat the number multiple times or speak slower. The person giving the info had no idea. I was told the numbers were immediately charged and then shredded. In reality they were filing months' worth of people's personal info before shredding, on the off chance they needed to process a refund, or charge an additional amount for shipping charges or whatever. They didn't want to actually call the customer back and explain that they needed the card number again for whatever.

They had also instructed me to modify their e-commerce software to store the credit card numbers in full and in plain text, along with the card security code and all other details. They wanted this for the same reason, to make returns and other charges easier on them. In that case I flat out refused, and basically told them if they have a problem with it they can fire me and I would report them to their credit card processing company. The company they used (authorize.net) had a method for storing a special code that could be used for the purpose of refunds that would only apply to the original transaction. No credit card info needed to be saved, and it offered way more protection in case of a breach. It's been many years and I can't remember why, but I was told not to bother implementing that feature, and they instead chose to call back customers as needed. I ended up quitting that company a few years later for a variety of reasons.
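
The refund-reference approach described in the post above, as an added sketch that is not part of the original thread: the merchant keeps only a transaction reference and the last four digits, and refunds go against that reference. `StubGateway`, `OrderRecord`, `place_order` and `refund_order` are hypothetical names; the gateway is a constructed stand-in, not authorize.net's API.

```python
from dataclasses import dataclass

class StubGateway:
    """Constructed stand-in for a card processor (hypothetical, not a real API)."""
    def __init__(self):
        self._txns = {}          # txn_id -> [charged_cents, refunded_cents]

    def charge(self, pan, cvv, cents):
        # Card data is passed through to the processor and never kept here.
        txn_id = f"TXN-{len(self._txns) + 1:06d}"
        self._txns[txn_id] = [cents, 0]
        return txn_id

    def refund(self, txn_id, cents):
        # The reference only moves money back to the card of that transaction.
        charged, refunded = self._txns[txn_id]
        if cents <= 0 or refunded + cents > charged:
            raise ValueError("refund exceeds what is left of the original charge")
        self._txns[txn_id][1] = refunded + cents
        return charged - refunded - cents   # cents still refundable

@dataclass(frozen=True)
class OrderRecord:
    """Everything the merchant keeps after checkout: no PAN, no security code."""
    order_id: str
    txn_id: str
    last4: str      # enough for the customer to recognise the card
    cents: int

def place_order(gw, order_id, pan, cvv, cents):
    txn_id = gw.charge(pan, cvv, cents)
    return OrderRecord(order_id, txn_id, pan[-4:], cents)

def refund_order(gw, record, cents):
    return gw.refund(record.txn_id, cents)

if __name__ == "__main__":
    gw = StubGateway()
    # Constructed sample input: a well-known test card number, not a real card.
    rec = place_order(gw, "A-1001", "4111111111111111", "123", 2500)
    print(rec)                              # what a database thief would get
    print(refund_order(gw, rec, 1000))      # partial refund, no card needed
```
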
 
I still blame our mag stripe setups. Why can't we do chip + PIN or chip and signature like Europe yet? Oh right, because it costs too much :/

How will that solve the issue? I mean the numbers will still be stolen. And the people who steal the numbers will still be able to make purchases online with the stolen information. I guess they would not get the CVN number in this case, but do they get it from a POS purchase?
 
I think they just made some modifications to their POS system for a new payment method/ system. I wonder if someone tried to inject the code then.
 
If only he hadn't rested on the 7th day and worked like the rest of us.
 
I still blame our mag stripe setups. Why can't we do chip + PIN or chip and signature like Europe yet? Oh right, because it costs too much :/

What is stored most has been resolved past the authentication method. The chip & PIN is primarily protection from duplication of the physical card. I have yet to have anyone explain how it offers any protection against database theft and future online use.
 
Likely it's an angry gaggle of pro-gay marriage types.
 
Dear hackers, backdoors are exit only.

-Jesus
 
Yes, because we know they are the angry and hateful group.

Because their attitude is generally - "Accept us with open arms or we will sue you out of existence". Along with - "We will hate on and trash whoever we like and you have no right to defend yourself or say anything against what we say or thing or do."
 
Because their attitude is generally - "Accept us with open arms or we will sue you out of existence". Along with - "We will hate on and trash whoever we like and you have no right to defend yourself or say anything against what we say or thing or do."

Stupid no edit button. Should have been:
"We will hate on and trash whoever we like and you have no right to defend yourself or say anything against what we say or anything we do."
 