Despite the money they may spend on prevention measures, bigger retailers are no more immune to credit card fraud and errors than other, smaller merchants. Over the past four months, Schnucks, a family of grocery stores with locations in states like Iowa, Indiana and (chiefly) Missouri, saw an alarming number of its stores targeted by malware that resulted in the credit card numbers of its users being leaked in another instance of the type of attack we've seen before. Now that some specific information about this incident has been made available, a few of the factors that went into this crime can be reviewed by all those with a stake in successful POS payment processing.
According to the press release posted by the company on Monday, more than 2 million cards were potentially affected by this accumulative attack effort. As of March 30, the issue was reported as having been "found and contained."
Allegedly, the compromised systems would not have released any information to the hackers aside from the number and expiration date on the card used itself. The release also quoted the CEO of Schnuck Markets Inc., Scott Schnuck, emphasized the steps the company would be taking in this statement.
"Over the years, technology has helped us deliver superior customer service, but it also introduces risks that we have actively worked to manage through compliance audits, encryption technology and various other security measures," Schnuck said. "We've worked hard to provide a secure transaction environment for our customers and, today I make a personal pledge to you that we will be relentless in maintaining the security of our payment processing system."
Not every malicious use of software in store-based equipment can be anticipated, but when hits follow a particular pattern, store owners can start identifying the risks they hope to avoid. Making malware blocking a large priority is one of the key things a business can do to help affirm customer confidence in its systems.