Now, Here’s How To Handle a Credit Card Breach!

PF Chang’s got hacked and suffered a leak of customer credit card data. They’re still not quite sure how it happened, so they switched over to processing credit cards manually.

This means that, instead of swiping your card through the computer (and uploading your personal details to a big database)… the server runs it through one of those “click clack” imprint machines, making a carbon copy along with the receipt.

Problem solved!

Their next step (because this is somewhat laborious) is to deploy dial-up credit card readers which phone customers’ card details directly to the card processor. In order to intercept card info now, crooks would have to either a) put phone taps on thousands of restaurants or b) compromise the processor, in which case there’s not much PF Chang’s can do about it.

Side benefit: because LESS CUSTOMER DATA IS BEING STORED with this method, and because (with the carbon copies) this data is decentralized and difficult to mine, it’s also a win for customer privacy. (though they should be paying cash…)

There’s also a very interesting comment on Krebs’ blog post about this, hinting that the crooks have started bribing outsourced software developers to insert backdoors into major companies’ systems:

“You will note that due to India manipulating their money, that the average software engineer in India makes about $8-10k/year. As such, a simple offer of 5-10 years worth of salary can get you a backdoor into a network of larger profitable western companies like this.”

