Unencrypted retail POS system cited in Forever 21 breach

Posted by sere on November 7th, 2019

The company announced last week that between March and October 2017, clothing retailer Forever 21 suffered a breach of its POS systems in an undisclosed number of stores.

The breach was brought to Forever 21's attention by a third party, and the attackers took advantage of POS systems on which encryption was not in use.

Two main lessons can be drawn from the Forever 21 breach.

First, PCI DSS compliance is critical for anyone who accepts or processes payment cards, and second, neither retailers nor other organizations can relax their vigilance over the winter holidays.

PCI DSS compliance is still lacking.

PCI DSS compliance is mandatory for any organization that accepts, processes or stores payment cards for the major credit card brands, and automation can help them achieve it.

The penalties for PCI DSS non-compliance are severe.

The credit card brands that enforce PCI DSS can impose fines running into the tens of thousands of dollars, and a company that cannot pay may lose the ability to accept their cards altogether.

Organizations that violate PCI DSS may also be violating national data privacy laws, many of which mirror PCI DSS requirements.

Then there are the direct and indirect costs of responding to a breach, including defending civil suits filed by angry consumers.

Violating PCI DSS is simply not worth the risk.

However, according to the Verizon 2017 Payment Security Report, only just over half (55.4%) of the businesses assessed were fully compliant with PCI DSS.

Although this is up from 2015, when only 48.4% were compliant, it means that almost half of the organizations that accept credit cards are in violation of PCI DSS.

In addition, Verizon reported that of the nearly 300 payment card breaches it investigated between 2010 and 2016, not one involved an organization that was fully compliant at the time of the breach.

The point here is that while PCI DSS compliance does not guarantee that a company's POS systems will never be breached, compliance is the foundation of proactive cybersecurity.

Without it, everything else falls apart.

While the Forever 21 breach is still under investigation, the fact that some of the chain's stores were not encrypting cardholder data points to a PCI DSS violation.

It is worth noting that the breach affected some Forever 21 stores but not others.

Large retail chains often struggle to maintain PCI DSS compliance across all of their locations, especially if they do not automate the process with a GRC software solution.

The retail data environment is highly complex, involving multiple systems across dozens, hundreds or even thousands of locations, from HR and payroll systems to in-store POS terminals to e-commerce websites.

GRC software automates compliance processes and integrates IT governance, policy management, risk management, compliance management, audit management and incident management across the enterprise.

This ties together all of a retailer's networks and systems and prevents situations like Forever 21's, in which the POS systems in some stores are protected while others are not.

Hackers do not take time off.

The Forever 21 breach was disclosed just as this year's holiday shopping season was about to begin, when consumers flock to brick-and-mortar stores and e-commerce sites, and cyber criminals looking to steal payment card data tend to step up their game.

However, just because your company is not in retail does not mean you can be lax about cybersecurity between Thanksgiving and the New Year.

The NotPetya attack that hit Ukraine last summer was timed to take advantage of the country's national holiday, when the attackers knew that many businesses would be short-staffed and not paying the attention they should.

Cyber criminals know that many U.S. businesses run with limited staff during the holiday season, as employees take vacation and work reduced hours, and that those who remain tend to relax their vigilance over the winter break.

Los Angeles Valley College suffered a massive ransomware attack on New Year's Eve that paralyzed all of its systems; the school eventually paid a ransom of more than ,000 to get them back.

Not only can your company be hacked over the holidays, but hackers are actually more likely to try when they think you are not looking.

Enjoy the holidays, but don't let cyber criminals spoil the eggnog; keep up the same proactive cybersecurity measures you follow for the rest of the year.
