What's Hot

POS Malware Nabs Another Victim

Point-of-sale technology provider Harbortouch Payments has been hit with a security breach, the company confirmed this week.

According to a report from BankInfoSecurity, Harbortouch was hit by a malware-related security breach, though the attack compromised data for just “a small percentage” of the merchants using its POS systems.

“The incident involved the installation of malware on certain point-of-sale systems,” the company said in a statement. “The advanced malware was designed to avoid detection by the anti-virus program running on the POS system. Within hours of detecting the incident, Harbortouch identified and removed the malware from affected systems.”

Additionally, the firm said it is working with investigators from forensics firm Mandiant to probe the incident. Despite the added backup, Harbortouch told its clients that they should not be too worried about the attack, and that the security breach was not a cause of a vulnerability in its POS software.

The company said that it does not store or possess cardholder data, and that only a few of the merchants using Harbortouch POS systems were affected. Still, the company said it is in the process of identifying the necessary parties to pinpoint those whose card data may have been compromised and notify the banks that issued those cards. “Those banks can then conduct heightened monitoring of transactions to detect and prevent unauthorized charges,” the company said.

Harbortouch did not indicate how many cards may have been exposed from the attack, however.

Malware attacks at POS terminals are no longer a novelty. The point-of-sale is the most common cause of data breaches within retailers, according to a recent study by the PCI Council. Even the largest corporations can fall victim to malware.

Staples confirmed late last year that its retail POS systems were breached last summer around the same time a high-profile attack at the Home Depot was reported.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.

Click to comment