Once More Into The (POS) Breach


In a series of posts on his website, KrebsOnSecurity.com, famed cyber security professional Brian Krebs, has written about Bebe, the latest retailer to suffer from stolen credit and debit card data at the point of sale (POS).

“The most common way that thieves steal this type of card data is by hacking into cash registers at retail locations and planting malicious software that surreptitiously records mag stripe data when cards are swiped through the machines,” Krebs writes.  “The breaches at Home Depot, Target, Neiman Marcus, Michaels and other break-ins first detailed on this blog were all powered by malware that thieves planted on point of sale systems.”

As the only full-service point of sale provider — from software development to franchise incubator to ongoing support — part of Sintel’s commitment to our customers and business community is to share relevant ideas, information and industry news.

We spotted a roundup of the KOS posts in a news item on pymnts.com, “Another POS Breach – This Time It’s Bebe.”

According to Krebs, Bebe is the common point of purchase behind fraudulent charges being reported by various banks and Bebe is also related to quite a few cards now being sold in the cyberthief blackmarket.

Here are the highlights of the pymnts.com post:

• Krebs has reported that one East Coast bank had purchased several of its customers’ cards that were being sold on Goodshop, a relatively new cybercrime shop. The bank acquired cards from a batch that Goodshop released on Dec. 1, called “Happy Winter Update.”

• Happy Winter batch prices ranged from $10 to $27 per card. Kreb writes that the bank found that all of the cards had been used at Bebe stores in the United States between November 18 and November 28. Krebs also states that it is not clear if the breach at Bebe stores is ongoing, or if it extends prior to mid-November 2014.

• Krebs notes the breach seemed limited to in-store and did not involve online purchases, suggesting that this was a card cloning operation. “The items for sale at Goodshop are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards. Armed with this information, thieves can re-encode the data onto new plastic and then use the counterfeit cards to buy high-priced items at big box stores, goods that can be quickly resold for cash,” Krebs reported.

Read the full pymnts.com post here.

For more insights into point of sale security, check out our related posts, Criminals Hit Their Target, 40 Million Cards Affected, U.S., Canada and Others Hit By POS InfectionsP.F. Chang’s China Bistro Gets Targeted, Breaking Point Of Sale, and A Hacker’s Almanac.

Just as Sintel shares our vast point of sale experience and expertise with startup owners in order to help them make the best decisions from the very beginning, we are happy to share articles, advice and commentary about retail point of sale and security.

Whether you’re a first-time franchise hopeful, a small business owner or an established chain, it’s always smart to stay on top of the latest point of sale best security practices to achieve financial success.

If you are interested in learning more about Sintel’s point of sale systems and how our knowledge and support can impact your future success, call us for a complimentary phone consultation.

Sintel Systems is the only direct to end user full-service provider of tailored Point of Sale systems across retail, restaurant and service industries, including frozen yogurt shopspizzeriassushi restaurantscafés and retail stores.

As a single source for business solutions, our experienced, knowledgeable team negotiates the complex POS landscape for you to enable you to find the right POS system for your business and budget. Hardware – Software – Support

Questions or Comments: Contact us 855-POS-SALES www.SintelSystems.com

Leave a comment