In early July, nine different zoos including the Detroit and Cincinnati Zoo, suffered four-month-long data breaches. Visitors who used their debit or credit card at one of these facilities’ food or retail vendors may be at risk of having a crook overtake their finances.
This widespread — and somewhat obscure — compromise of customer data raises the question: “How could this many zoos suffer data breaches at the same time?”
The answer is actually quite simple, but is rarely top of mind for consumers as we go about our day-to-day lives.
Hackers didn’t target each of these zoos Individually; they set their eyes on the bigger prize — their point-of-sale provider. Each of these facilities employed the same point-of-sale provider, Service Systems Associates, to service their payment processing systems. This was the hackers’ entrance point.
Point-of-sale systems are an all-encompassing term for the cash register, card reader and related payment technology. These systems are hard to secure because they handle such sensitive financial data, while remaining connected to the Internet. This connectivity facilitates the ability to approve or decline transactions and cycle data to the main database; however, it also creates a major vulnerability.
Cybercriminals have discovered they can secretly snatch data from these high-traffic, treasure troves using malware — software intended to damage or disable a computer system. Malware is remotely placed on these systems to siphon data to fraudsters between the time of entry and transmission to the point-of-sale provider. This point-of-sale system breach takes just a fraction of a second but can last for months.
Hackers will then either use this information for themselves or sell it to fraudsters on the online black market.
Malware as the root of a point-of-sale system breaches is becoming commonplace. Big name retailers like The Home Depot, Dairy Queen and Kmart all had Backoff malware incidents last year — a form of malware the FBI labeled as high-risk; it was responsible for the exposure of hundred of thousands of consumers’ information.
So how do you avoid being a casualty of a point-of-sale system breach?
Unfortunately, besides simply using your best common when making purchases, consumers have relatively little say in whether card data is protected. It’s actually the financial institutions and business owners who have the most power through an industry-leading security measure known as EMV technology.
EMV is likely already implemented on your credit card, but you’re probably rarely using it. You may know this technology as the little computer chip on your credit card. It makes it harder for cybercriminals to steal and replicate card data.
As of October 2015, all business owners must implement this technology or be liable for their customers’ fraudulent charges. However, businesses are slow to adopt this technology due to the high transition costs.
So how can you tell if a business has adopted EMV security? You will no longer slide your payment card’s magnetic strip at locations that have EMV technology. Instead, to pay, you will insert your card sideways into the processor so the machine can read the chip data.
While EMV is effective in mitigating fraud, it’s not foolproof. It’s vital consumers still exercise their credit smarts in person and online even with this technology.
What do you think about this latest point-of-sale system breach and the adoption of EMV technology? Let us know in the comments below.
Albuquerque Bio Park
Binder Park Zoo
Buffalo Museum of Science
Cheyenne Mountain Zoo
Cincinnati Museum Center
Discovery Gateway Children’s Museum
El Paso Zoo Fresno Chaffee Zoo
Hanauma Bay Nature Preserve
Hermann Park Conservancy
History Colorado Center
Living Desert Zoo
Los Angeles Zoo
Monterey Bay Aquarium
National Center for Civil & Human Rights
National Western Stock Show
Pretend City Children’s Museum
Reid Park Zoo
Royal Bridge & Park
San Francisco Zoo
St. Louis Science Center
Utah’s Hogle Zoo
Source: The Indy Channel
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.