?

Log in

I haven't written about credit card fraud in a while - You are coming to a sad realization. Cancel or allow? [entries|archive|friends|userinfo]
Obstructionist Husband

[ website | Spare Brains Games ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

I haven't written about credit card fraud in a while [Feb. 10th, 2017|09:17 am]
Obstructionist Husband
[Tags|]

Needless to say, it hasn't stopped while I haven't written about it.

The latest victims, and I mean corporations, are Arby's fast food (I hesitate to call them a restaurant) and Holiday Inn hotels. Arby's says the malware that stole credit cards was limited to their corporate stores, over a thousand locations of their 3,300 locations in the United States. Of course it's entirely possible that some of their franchisees have been compromised, especially if there are big corps with many locations that use a third-party credit card processing solution.

And it is a BIG breach. The president and CEO of the National Association of Federal Credit Unions is saying the number of cards is in the "hundreds of thousands". So that malware, since remediated, has been sitting there for a while. Arby's did not previously announce the hack at the request of the FBI while they were still investigating it.

Someone posted a comment/question asking if a specific location was compromised, I posted this reply:
Call them and ask them if they're a corporate store or a franchisee. If the former, then probably yes. I'm going to be doing that Monday with my semi-local store. Regardless, watch your bank account online for probe charges: a charge for $1-4 from cities and businesses that you don't do business in/with.

A friend of mine was hit by the Wendy's hack. He's on the road a lot and I told him about the probe charges. Sure enough, they appeared on his credit card. Fortunately when the serious charge appeared, he was in a town that had an office for his credit card and he was able to get a replacement sent there.

https://krebsonsecurity.com/2017/02/fast-food-chain-arbys-acknowledges-breach/


The Holiday Inn hack was very specific, it targeted just a few hotel restaurants and bars in high-profile and high-dollar areas in San Francisco, San Jose, Chicago, etc. The malware was present from August to December 2016. It was not found on the hotel's front desk systems.

https://krebsonsecurity.com/2017/02/intercontinental-confirms-breach-at-12-hotels/

This entry was originally posted at http://thewayne.dreamwidth.org/998063.html. Please comment there using OpenID.
linkReply

Comments:
[User Picture]From: porsupah
2017-02-11 08:38 pm (UTC)
At least (for now - who knows what delights Trump's brigade has in store?) such fraud falls on the banks, for the most part, though that's been shifting subtly toward retailers.

I wonder if systems like Apple Pay are (for now) more secure? Perhaps a little trickier to intercept, but the fact they use tokens generated at the time, rather than the actual card credentials, might reduce the profile, but I'm absolutely no cryptobunny.

Closest I've come, so far, was back around 1999, when I had a charge attempted for something like $2k, using details that looked as if they'd come from a crumpled carbon - the address was present, but not quite correct. The bank took care of everything, so, no biggie. =:/
(Reply) (Thread)