Supervalu, just one of the latest companies to be hit by POS malware, is being sued in the U.S. District Court for the Southern District of Illinois for poor business practices and negligence. Plaintiffs argue that their private information, such as credit and debit card numbers, has been exposed as a result of the company's failure to prevent the recent security breach occurring at 209 stores around the country. Minneapolis/St. Paul Business Journal reports that the number of credit cards effectively stolen likely stretches into the millions.
With the number of malware victims increasing it shouldn't come as a surprise that the fallout companies face from such breaches is often extremely damaging. According to BankInfo Security, Target has spent 235 million dollars related to the breach, and second-quarter profits have fallen by 62 percent. And this immediate financial loss can seem trivial when compared to the hit the company's reputation has taken.
Client loyalty can only be preserved through an ongoing relationship of trust, and customers feel vulnerable and betrayed as a result of their personal information being handled with anything less than the utmost care.
On this issue, tech magazine InfoSecurity quotes Mark Bower: "The only way to neutralize this risk is to avoid any sensitive data passing in and through the vulnerable POS or retail IT. Hundreds of thousands of merchants already do this today with proven approaches using the latest innovations in data-centric security and are able to brush off such attacks like water off a duck's back. These risks are totally avoidable – and at a fraction of the cost of the fallout from dealing with the consequences."
It is inarguably time that companies take more upfront care with their credit card payment software. Such preventative investments will appear meager compared to the damage control that is necessary following a large-scale breach.