Point of Sale

Another POS Breach – This Time It’s Bebe

Looks like BeBe Stores—with about 200 stores in the U.S.—may be the next cyberthief retail chain victim, according to a report from Krebs On Security.

BeBe is the common point of purchase behind fraudulent charges being reported by various banks and BeBe is also related to quite a few cards now being sold in the cyberthief blackmarket, the story said.

Krebs specifically reported that one East Coast bank “had purchased several of its customers’ cards that were being sold on a relatively new cybercrime shop called (goodshop.bz). The bank acquired cards from a batch that Goodshop released on Dec. 1, called ‘Happy Winter Update.’ The prices from that Happy Winter batch range from $10 to $27 per card. The bank found that all of the cards had been used at Bebe Stores in the United States between Nov. 18 and Nov. 28. It is not clear if the breach at Bebe stores is ongoing, or if it extends prior to mid-November 2014.”

The breach seemed limited to in-store and did not involve online purchases, the story said, suggesting that this was a card cloning operation. “The items for sale at Goodshop are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards. Armed with this information, thieves can re-encode the data onto new plastic and then use the counterfeit cards to buy high-priced items at big box stores, goods that can be quickly resold for cash,” Krebs reported.


Latest Insights: 

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The May 2019 PSD2 Tracker Report, is a go-to, monthly resource for updates on trends and changes regarding PSD2 and other privacy and data protection regulations.

Click to comment


To Top