Houston, Texas-based dining, hospitality and gaming company Landry’s revealed recently that it had discovered a piece of malware designed to steal payment card information on its systems.
Following a payment card breach that hit the company’s restaurants in 2015, Landry’s started using a payment processing solution that relies on end-to-end encryption to protect sensitive information on point-of-sale (PoS) terminals. The company started rolling out the new system in 2016 and it’s currently used at all of its locations.
Last year, cybercriminals managed to plant a piece of malware on Landry’s systems in hopes of stealing payment card information. However, the company says the encryption technology prevented the malware from obtaining any information from PoS systems.
However, in what the company has described as “rare circumstances,” waitstaff mistakenly swiped customer cards on order-entry systems. These systems, used by staff to enter bar and kitchen orders and to swipe reward cards, also have a card reader.
The problem is that the order-entry systems are not protected by the same end-to-end encryption technology as PoS terminals and Landry’s says the malware may have captured data from payment cards mistakenly swiped by staff on order-entry systems.
“The malware searched for track data (which sometimes has the cardholder name in addition to card number, expiration date, and internal verification code) read from a payment card after it was swiped on the order-entry systems. In some instances, the malware only identified the part of the magnetic stripe that contained payment card information without the cardholder name,” the company told customers.
Based on its investigation, Landry’s believes the malware may have stolen data f ..
Support the originator by clicking the read the rest link below.
