Point of Sale

Another POS Breach – This Time It’s Bebe

Looks like BeBe Stores—with about 200 stores in the U.S.—may be the next cyberthief retail chain victim, according to a report from Krebs On Security.

BeBe is the common point of purchase behind fraudulent charges being reported by various banks and BeBe is also related to quite a few cards now being sold in the cyberthief blackmarket, the story said.

Krebs specifically reported that one East Coast bank "had purchased several of its customers' cards that were being sold on a relatively new cybercrime shop called (goodshop.bz). The bank acquired cards from a batch that Goodshop released on Dec. 1, called 'Happy Winter Update.' The prices from that Happy Winter batch range from $10 to $27 per card. The bank found that all of the cards had been used at Bebe Stores in the United States between Nov. 18 and Nov. 28. It is not clear if the breach at Bebe stores is ongoing, or if it extends prior to mid-November 2014."

The breach seemed limited to in-store and did not involve online purchases, the story said, suggesting that this was a card cloning operation. "The items for sale at Goodshop are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards. Armed with this information, thieves can re-encode the data onto new plastic and then use the counterfeit cards to buy high-priced items at big box stores, goods that can be quickly resold for cash," Krebs reported.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

Click to comment