One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the payment card data was stolen in a two-year-long data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country.
The article says the card data only came from Dickey’s, but I don’t know. I can’t recall ever having eaten at one of these joints, but this happened too coincidently, and I’ve been watching for an announcement exactly like this since. I expect there’s more than just the one source in the dump.
Visa and MasterCard instituted new rules in October 2015 that put retailers on the hook for all of the losses associated with counterfeit card fraud tied to breaches if they haven’t implemented chip-based card readers and enforced the dipping of the chip when a customer presents a chip-based card.
Also, pretty interesting stuff about mag stripes still being so prevalent. I appreciate the card companies making it the retailer’s problem. However, fraud related to security breaches at retailers should always be their problem, regardless of technology used.