05
Feb

shutterstock_127655501

Well, it’s happened again: another major company has potentially suffered a data breach and consumer credit card information was stolen. If true, Wendy’s would join the infamous list of restaurants with credit card data breaches. PF Chang’s, Dairy Queen, Jimmy John’s, Rainforest Café and Morton’s restaurants have all suffered this catastrophe in the past couple of years. In the Wendy’s case, it was noticed that credit cards used at Wendy’s restaurants “suffered unusual activity,” and is being investigated by cyber security professionals. In the other restaurants’ cases of information theft, POS terminals used to process credit card transactions in company stores were hacked.

Magnetic Striped Cards and Insecure POS Terminals Were the Culprit

All U.S. credit cards, chipped or not, have a magnetic stripe on them. During a magnetic card swipe, all the information about your credit card is passed to the terminal in clear text that is unencrypted, making this information is easy to hack. This differs from the process in which the chip in a credit card is read during a sales transaction.

The chips in credit cards never transmit the actual credit card account information, but transmit a unique digital signature for each transaction. Once this information leaves the chipped card, it is encrypted and tokenized while being sent for authorization by the POS terminal. Tokens replace card data with a surrogate value, but enough information to match the identity of the credit card account securely stored on a server. These tokens are worthless to thieves.

The ease of hacking of magnetic stripe information on cards is the reason most banks are moving to chip cards. Despite the expense of changing out the older technology for chip reading POS terminals, merchants are motivated to do so. The responsibility for credit card fraud shifted to merchants and away from banks on October 1, 2015.

With all the data breaches that have been making the news in the past couple of years, you would think big corporations would be proactive and make the switch.  However, it is not mandatory for merchants to switch. Money and the lack of nimbleness in change, in general, may have been the reason for the slowness in adapting the new technology. Wendy’s has about 6500 stores in the U.S. — converting to chipped card POS terminals is no small expense or task.

The thieves probably did not use the stolen information to make new charges at Wendy’s but targeted other businesses that have not yet converted to chip card readers. These businesses will have to bear the cost of fraudulent transactions if they accept mag stripe cards, which use stolen data. Of course, if Wendy’s accepts fraudulent credit cards using a magnetic striped reader, it will be liable for the charges. Many of the other companies involved in data breaches have offered free credit monitoring services as retribution for their data breaches; there is no word on how Wendy’s means to handle the problem.

Counterfeit Liability For Fraudulent Card Charges After October 1, 2015

Screen Shot 2016-02-03 at 3.56.01 PM

Source: emv.connection.com

What To Do if Your Credit Card Information Has Been Stolen

While the theft of information at Wendy’s seems to have mainly been centralized in the Midwest, suspicious credit card transactions which seem to be related to Wendy’s customers have also been happening on the East Coast. Data breach experts say that if you’ve been a Wendy’s customer and used a credit card in the last 3 months, that you should check your credit card statements carefully in the coming months. If you notice any fraudulent charges, you have 60 days to make a claim.

How to Prevent Card Fraud From Happening to You

If you have a choice, only go to merchants that have chip-enabled readers. It’s highly unlikely your sensitive information will be stolen if the merchant uses a chipped card reader — your credit card information will never be transmitted away from your card in other than encrypted or tokenized form.

Of course, the standard rules of thumb apply when it comes to protecting your credit card information:

  1. Keep your credit cards statements in a secure place and shred the statements when you are done with them.
  2. Only take the credit cards you need with you — don’t take all of them at once anywhere in case your wallet or purse is stolen.
  3. Keep PIN numbers secure.
  4. Check your credit card statements carefully each month to watch for fraud.

You Have Limited Liability for Fraudulent Credit Card Charges

Under the Fair Credit Billing Act, you are limited to $50 liability for a fraudulent charge made on your account. Once you report your card lost or stolen, you are not responsible for any subsequent charges made. However, most credit card issuers have a $0 liability policy and will take off any fraudulent charges if you notify them immediately.

Fraud Costs Everyone Money

The money, which is written off as the result of fraud, does not disappear, however. Not only do merchants absorb the cost of the cards, these merchants will also see increased insurance and administration expenses. When this happens, businesses will no doubt pass the losses on to consumers in the form of higher costs. Bank issuers are still liable for fraudulent transactions made online, so the cost of thieves charging for goods and services on the Internet will be passed on to consumers in the form of higher interest rates and fees.

Related Articles:

Credit Protection: How to Manage the Home Depot Data Breach

Can Credit Report Security Freezes Protect You From Identity Theft?

Monitor Credit Cards After the Holidays to Protect Your Identity


Posted in Credit, Identity Theft