How Kmart Could Have Prevented Its Credit Card System Security Breach

The recent news about a security breach involving unauthorized credit card activity at Kmart stores serves as a good reminder for businesses to set up in-depth security layering.

According to an article from Krebs On Security, Kmart’s parent company, Sears Holdings, reported that “store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls.”

The company said personal identifying information stayed secured. Credit card numbers were likely compromised. Thieves could use that cardholder data to create counterfeit cards.

Reports of retail security breaches aren’t rare. In 2014, Sears announced a similar breach. Hackers used malware to steal data from hacked point-of-sale (POS) systems. Target and the Home Depot are among other large retailers that have faced data breaches in recent years.

How can your organization help to prevent such a security breach? The key is to go beyond regular security testing protocols, which should include PCI compliance and penetration testing. Here are a couple of important steps you can take to keep your data safe.

Manage Network Segmentation Properly

First, the cardholder data environment (CDE) should have strong segmentations controls in place, such as firewall rules and VLAN segmentation. Proper isolation of a network prevents malware from being able to steal data.

Secondly, your POS system should only be able to communicate with approved IP addresses, such as your credit card payment processors. This prevents outside fraudulent sources from gaining access to card data, since the card numbers never go across the internet.

Also, if your POS system is running on older software, make sure you have an operational plan in place to keep the software updated and secure for today’s threats.

Use In-Depth Security Layering

Many retailers are moving from magnetic stripe to chip-enabled payments. While chip-enabled cards are a great deterrent, and do provide greater security, they don’t offer a guarantee for preventing security breaches. Vulnerabilities are discoverable in the chip system.

That’s why you need in-depth security layering. It is like having a jewelry safe in your house. In addition to the lock on the safe, you have a lock on your front door and possibly an alarm system.  Security layers are defensive layers that are there to slow down intruders and prevent access to the jewelry.

Take the same approach to protecting your data. That way, if vulnerabilities within the chip system are discovered, you already have additional layers of protection against a breach.

The Cost Of A Security Breach

Businesses that have a security breach often suffer serious damage. As reported by Inc., Cisco’s 2017 annual cyber security report found that 50% of breached organizations faced public scrutiny. In addition, 22% lost customers and 29% lost revenue following a breach.

To safeguard your company’s reputation, you need to secure your sensitive data. As we have learned from breaches at major retailers such as those listed above, it’s more important than ever to use a layered approach with cutting-edge technologies that keep your data secure.