Fraud Attack

Malware Attack On National Stores Inc. Exposed Payment Data

National Stores Breach

Following a malware attack that allowed “unauthorized parties” to access customer credit card information, off-price retailer National Stores is seeking to prevent fraudulent activity and improve the security of its point-of-sale (POS) systems, the company said in an announcement.

“We have been working closely with the FBI, cybersecurity experts and payment card brands to contain the incident and protect our customers’ payment cards,” National Stores Chief Executive Officer Michael Fallas said an announcement last Monday (Jan. 22). “The malware has been removed from our system, and no customers will be responsible for any fraudulent charges to their accounts. We are in the process of strengthening the security of our point-of-sale systems to prevent this from happening in the future.”

Based on National Stores’ investigation, the company believes customers who used their credit cards at its locations between July 16 and Dec. 11 may be involved in the breach. Affected information might have included names, payment card numbers, expiration dates and security codes.

Following the breach, the company hired digital cybersecurity firms to assist with its investigation, stating it “will continue to provide whatever cooperation is necessary to hold the malicious actors accountable.”

News of the National Stores’ breach comes less than a year after credit scoring company Equifax announced a cybersecurity incident that may have impacted approximately 143 million consumers in the U.S., as well as the credit card numbers of approximately 209,000 people. The unauthorized access occurred from mid-May through July 2017, according to Equifax.

National Stores’ incident comes five years after a massive breach at Target, in which 40 million cards were breached, 70 million customer records were stolen and 1 million to 3 million cards were successfully sold and used in fraudulent transactions. In all, $200 million was spent on reissuing cards by banks and credit unions for compromised cards and an estimated $57.3 million flowed directly into the pockets of the criminals who managed to pull off the heist.


Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. In the November 2019 AML/KYC Report, Zillow’s Justin Farris tells PYMNTS how the platform incorporates stringent authentication without making the onboarding and buying experiences too complex.