Safety and Security

Card Data Compromised For Buckle Guests Who Swiped Card To Pay

Buckle Inc. reported Friday, June 16, that it had discovered malware on certain retail store location point of sale systems. The company believes that exposure of cardholder data that could be used to create counterfeit cards – including names, addresses, emails and Social Security numbers – was limited, but some credit card numbers may have been compromised.

The breach may affect users who paid via credit card at affected Buckle store locations between Oct. 28, 2016, and April 14, 2017. The malware lifted data from magnetic stripes on payment cards, in some cases possibly including name, number and expiration date.

All Buckle stores had chip technology installed at the point of sale during the time of the incidents, limiting exposure for customers paying that way. There is no evidence that online guests were affected.

Buckle is now working with card issuers with regard to the incident. Those who may have been affected will be notified. Forensics experts have blocked connections between Buckle’s network and potentially malicious external Interne Protocol addresses and isolated potentially compromised systems to eradicate malware-related files.

The company reminds shoppers to be vigilant in reviewing account statements for any unauthorized activity. It also suggests placing a fraud alert on credit files to make it more difficult for someone to obtain credit in your name (although this can also delay your ability to obtain credit in your own name).


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.

Click to comment