Target and PF Chang's breaches 'the tip of the iceberg'

As if retailers needed any reminders that their businesses are vulnerable to security breaches, experts at a recent conference warned that Target (NYSE:TGT) and P.F. Chang's are just the tip of the iceberg when it comes to credit card fraud.

Each year there are thousands of breaches, some of which have forced the closure of many small businesses, according to FierceRetailIT's sister publication, FierceITSecurity. And thanks to the reliance on POS systems, security concerns will only grow.

"When you swipe your card through [a POS system with integrated payment processing], it types out your track data really fast. So it is very easy [for hackers] to steal it," said Lucas Zaichkowsky, enterprise defense architect at AccessData, at the Black Hat security conference in Las Vegas. "As the data is passed through the environment, there are multiple ways it can be stolen."

Zaichkowsky joins a growing list of security experts who believe the adoption of chip-and-PIN, or EMV cards, won't fully protect retailers. "People think that if we switched to EMV, everything will be solved. That simply is not true," he said. "When that EMV card is read, those same RAM scrapers that are being used today can get the same track-equivalent data that is on the mag stripe [from the EMV card] if it is not implemented correctly."

Target's POS system was famously compromised through a third party with access, exposing the credit and personal information of more than 70 million shoppers during the 2013 holiday shopping season. In June, P.F. Chang's became aware of a data breach involving credit and debit card information reportedly stolen from some of its restaurants.

P.F. Chang's investigation is ongoing even as more retailers and restaurant chains, most recently Jimmy John's, report breaches.

The risks won't go away with EMV adoption, and small retailers are particularly vulnerable, according to security blogger Brian Krebs. These types of businesses often install systems, establish passwords and then go about their business, failing to update passwords and software or stay abreast of security issues.
