There are two disturbing bits of news this week regarding the recently revealed cardholder data breach at PF Chang, the national chain of Chinese casual dining restaurants. The first is that more than a week after the breach, they are still using manual imprint machines to process credit card payments. Such imprint machines were once standard in retail outlets, but have generally been retired to the Museum of Obsolete Technology.
This suggests that the investigators for PF Chang have not yet discovered the cause of the breach and have not come up with a solution they are confident in. While there have been some huge cardholder breaches recently, going back to last year’s monster breach at Target, once a victim retailer discovers a breach it does not usually take them long to clean their systems.
Could the situation with data breaches become so bad that we start reverting to paper base systems? Not likely, but the significant number of cardholder breaches over the past year will be put pressure on banks, card issuers and retailers to convert to cards with embedded microchips. They are used widely in Europe and are not nearly as vulnerable to breaches as our magnetic strip cards. Hackers have clearly zeroed in on US payment systems as a target rich environment. The conversion will be costly, but it is no longer a matter of if but how long.
The second related story is bad news, but may have a silver lining. Card issuers analyzing cardholder data believe the breach occurred last September, not more recently as PF Chang first suggested and thus the period of cardholder vulnerability could also be much greater. At this point, we just do not know.
So what’s the silver lining?
If the breach predates the Target data breach, since many PF Chang customers are also likely to be Target customers and of other recent breaches then many will have already had their cards replace. Hopefully, this will have limited their exposure.
This is a story worth watching for anyone interested in data security. At the moment, we have more questions than answers.