Clueless About Card Data Hack, PF Chang's Reverts To Imprinting Devices 142
wiredmikey writes: After saying earlier this week that it was investigating reports of a data breach related to payment cards used at its locations, P.F. Chang's China Bistro confirmed on Thursday that credit and debit card data has been stolen from some of its restaurants. What's interesting, and somewhat humorous, is that the company said that it has switched over to manual credit card imprinting systems for all of its restaurants located in the continental United States. The popular restaurant chain said that on Tuesday, June 10, the United States Secret Services alerted the company about the incident. Admitting that it does not know the extent or current situation and impact of the attack, the company noted in a statement: "All P.F. Chang's China Bistro branded restaurants in the continental U.S. are using manual credit card imprinting devices to handle our credit and debit card transactions," the company said. "This allows you to use your credit and debit cards safely. If it's not obvious, anyone who has visited a P.F. Chang's and used a payment card in the last several months should monitor their accounts and report any suspected fraudulent activity to their card company.
Never heard of dumpster diving? (Score:0, Insightful)
Those imprint machines are far from safe. PF Changs should shutter the business until they figure this out.
Not Clueless (Score:0, Insightful)
This response is not necessarily clueless. How much values does the chain derive from electronic processing? If it is less than the cost of securing their systems then going back to paper is a smart tactic.
There are lots of cases where sensitive records are needlessly computerized. For example, I just had a discussion with my local blood bank. They have federal requirements to record your identity in order to track you down if someone finds a problem with your blood. So they put it in a computer and when you ask about security they give you the same line that Target and PF Changs, and Neiman Marcus, and pretty much everybody gives you when you ask - that security is important to them and that they've taken precautions to protect it.
But the thing is, they don't need to computerize my identity. It is one of those write-once, read rarely pieces of data because the number of times they have to find someone because of bad blood is tiny compared to the number of donations they get. They could just write it down and file it in a literal filing cabinet and then give me a donor-id to use when making donations. Let the computers use the donor-id for scheduling and all the other stuff that happens frequently, but in that rare case when they have to actually find out who I really am, an extra 5 minutes to go look in the filing cabinet won't be a burden.
I'm not saying that all sensitive information should only be stored on paper, but I am saying we ought to be asking what info really benefits from being stored electronically and is the benefit really greater than the risks?
Chip & Pin (Score:4, Insightful)
I heard the USA will finally get proper Chip & Pin cards next year ?
I visited the US recently and discovered the joy of swipe & signature on paper receipts... It really feels like 3rd world technology.
Re:more secure? (Score:5, Insightful)
> So now I can physically steal boxes of credit card numbers with signatures right at the bottom?
Everybody understands physical security. Store the boxes in a locked closet in the managers office and the the number of people who have access is reduced to a handful of employees - all of which are also subject to our local legal system. Put the data on the network and the number of people who might have access to it is practically the entire internet, the majority of which are outside of US jurisdiction.
Never store sensitive data you don't need. (Score:5, Insightful)
Back in the 80s I worked for a company that did back office accounting systems. Then I moved to a large non-profit and was in charge of both back office and customer facing systems. This was when the Internet was for non-commercial traffic only, so "customer facing" meant a live operator at a dumb terminal hooked up to a minicomputer.
My new employer wanted me to develop a system that would among other things take credit cards from donors and volunteers. I was pretty confident on the technical end of things, but I wasn't sure about handing the financial data. So I called in a CPA friend I'd met at my prior job, and he looked over a the design documentation for the system to make sure everything was kosher.
"You can't store credit card information in the database," he said.
"Why not?"
"Because it's insecure," he said.
"But it's convenient," I said.
"That's the problem," he said. "Look, any of the operators will be able to look up credit card information on any donor. Some of these donors are rich. You'd be able to go on one hell of a shopping spree with just one of their credit cards."
"What if I make it harder to look up the data?"
"Then it's not convenient anymore," he said. "Look, you don't actually have a use for this data once you've processed the credit card transactions. And while you're keeping it around in case you might someday have a use for it, it leaves you wide open to theft. It'd be a disaster; customers won't do business with you because your reputation will be in the toilet. Get rid of it. Get it out of the database, any logs you have, and make sure it's not in any backup tapes."
And when I thought about it I realized he was right. There was no point in exposing my employer to risk for no real benefit. That's when I learned an important principle of security: don't hold onto sensitive data that you don't actually have a use for. I suppose you could generalize: don't keep sensitive data on any system where there is no compelling need to store it there.
Things have changed now; storing credit card data has come to be regarded as routine in the post-1 click, impulse buy Internet world. But even though it is the *norm*, that doesn't mean you should automatically do it. There's actually a use in a web store for storing credit card data which offsets the risk (which you should still minimize). There's no reason for a restaurant to store credit card information -- that's just blind habit. Waiter takes the customer credit card, runs the transaction, and hands the card back to the customer, and then restaurant no longer has the data. You can't lose what you don't have.
Of course in this case it's probably not P.F. Chang's fault. They bought a POS system which left them open. It probably is all slick and really very helpful at keeping things moving, like maybe taking the customers card at the table. It'd be interesting to know how the POS system vendor screwed this up, because clearly they did.
There is no encryption or security architecture that beats not having the data.
Re:Never store sensitive data you don't need. (Score:3, Insightful)
if you didn't know the answer to that, you really should not be writing such software.
GP knew to call someone in who was more knowledgable. If you didn't know to do that, then you really shouldn't be doing jack shit.
Re:What about flat cards? (Score:5, Insightful)
Why keep using ancient swipe technology?
Chip and PIN is a *much* better system.
It's written in by hand (Score:5, Insightful)
The slip's form fields align with a credit card, but that doesn't mean the waitstaff can't write it in by hand. Impressions just made it faster, and gave some limited proof of "card presence."
Also, why would you eat at PF Changs? PF Chang's is for people too afraid (to be polite) to step into the local Asian restaurants. It's overpriced low-to-mid-tier produce/meat with a sauce that came out of a can. If you're lucky, that can says "PF Changs teriyaki sauce", not "Sysco teriyaki sauce."
I once ate there and the waiter actually felt it necessary to tell us that "soy sauce is like salt for chinese food."
Stop eating at chain restaurants. They suck - the food's bad, they run the local non-chains out of business - and they prey upon people who want bland consistency. Live a little. Support the local economy. Etc.
Re:more secure? (Score:4, Insightful)
Physically, you can steal one box at a time, perhaps 1000 receipts. And the thief must be physically present, and risk his ass getting caught doing so.
Electronically, you can sit in Odessa, Ukraine, and steal 44 million accounts from every cash register at a major retailer. And the thief risks absolutely nothing, because his government is too busy fighting the Russian separatists who have taken over City Hall.
See the difference?