Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Thursday May 30 2019, @06:29PM   Printer-friendly
from the not-such-a-cheap-burger dept.

[Ed. note: Wikipedia entry for those who may not be familiar with the company and which notes: "Checkers Drive-In Restaurants, Inc., is one of the largest chains of double drive-thru restaurants in the United States. The company operates Checkers and Rally's restaurants in 28 states and the District of Columbia. They specialize in hamburgers, hot dogs, french fries, and milkshakes." --martyb]

On Wednesday, fast food chain Checkers reported that they had found malicious point-of-sale (POS) software in place on their systems that affected over 100 Checkers and Rally's restaurants and which left customer names, card numbers, verification codes and expiration date vulnerable.

The Full List of affected restaurants including the estimated exposure dates, is available in the data breach notification.

Exposure dates go back as far as December 2015 in one case (Los Angeles, CA), although the majority span late 2018 to current.

In the official statement Checkers says:

What We Are Doing?
As indicated above, after identifying the incident, we promptly launched an extensive investigation and took steps to contain the issue. We also are working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders. We continue to take steps to enhance the security of Checkers and Rally's systems and prevent this type of issue from happening again.

What You Can Do
If you used a payment card at an affected restaurant during a relevant time period, please consider the following recommendations:

Review Your Account Statements. We encourage you to remain vigilant by reviewing your account statements. If you believe there is an unauthorized charge on your card, please contact your financial institution or card issuer immediately.
Order a Credit Report. You are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. To order your free credit report, visit www.annualcreditreport.com or call toll-free at 1-877-322-8228.
Review the Reference Guide and FAQs. The Reference Guide and FAQs provide additional recommendations on the protection of personal information.

What amounts to, in essence, "our bad, review your statements and check your credit reports" is likely to be considered a very weak response by customers affected. Also the date that the breach was discovered is not revealed ("recently became aware of") so the gap between discovery, completion of the investigation, and the date of breach notification is not known.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by JoeMerchant on Thursday May 30 2019, @08:16PM (5 children)

    by JoeMerchant (3937) on Thursday May 30 2019, @08:16PM (#849416)

    Having worked fast food myself in my younger years, I feel a little queasy about letting my credit card anywhere near fast food staff or management. One of the best things about cash is: you can only lose what you are physically holding. Nobody is going to take your cash and use it as a gateway to your savings or lines of credit.

    --
    🌻🌻 [google.com]
    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 2) by takyon on Thursday May 30 2019, @08:29PM

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Thursday May 30 2019, @08:29PM (#849419) Journal

    Yup. Hopefully you aren't spending more than $5-10 there anyway (they mail coupons).

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
  • (Score: 3, Insightful) by Snow on Thursday May 30 2019, @08:52PM (3 children)

    by Snow (1601) on Thursday May 30 2019, @08:52PM (#849427) Journal

    You Americans live in the stone age when it comes to using plastic to pay.

    In Canada, we have true Debit cards. When you use it, your bank account is debited immediately. It will decline if there isn't money in your account (with no NSF fee). Mag strips aren't really used for anything anymore. 90% of purchases are contactless (Tap and Pay). No pin required. Just tap and go.

    When a pin is required (purchases over $100 or after $200 of tap has accumulated), you insert your chip and enter your pin. Your card never leaves your hands.

    USA is just now implementing EMV. We've been through at least 3 versions by now. EMV certification/recertification is a royal pain in the ass for people like me, but to the consumer it makes things much more secure. End-to-end encryption is common so the retailer never sees your card info. It's crazy how far behind the USA is in payment tech.

    • (Score: 3, Funny) by JoeMerchant on Thursday May 30 2019, @09:39PM (2 children)

      by JoeMerchant (3937) on Thursday May 30 2019, @09:39PM (#849436)

      In Canada, we have true Debit cards. When you use it, your bank account is debited immediately. It will decline if there isn't money in your account (with no NSF fee).

      In the US we have true Debit cards also, they are generally used by people who can't qualify for a real credit card. They're even "stealthed" so that the merchant can't tell whether they are dealing with debit or credit.

      No pin required.

      Great system, that _is_ progress. In the old days, a scammer would have to get your routing number off of a check, order up a box of checks to be printed with that routing number, then go kite them until it's time to skip town. NOW, with no pin required, all the thug has to do is knock you over the head and take your contactless device. Don't bother telling me about the swipe code required to unlock, I'm sure they can spot that from far away before they assault you in the parking lot.

      It's crazy how far behind the USA is in payment tech.

      Much like the cell phone rollout 20 years back, it's because the USA has a workable payment infrastructure, carrying trillions in transactions, that it takes time (and money) to upgrade the tech. When you're moving from a moose-pelt barter system direct to e-banking, it goes a little faster.

      Now get off my lawn and go get some state sponsored health care for your bruised ego.

      --
      🌻🌻 [google.com]
      • (Score: 2) by Snow on Thursday May 30 2019, @09:55PM (1 child)

        by Snow (1601) on Thursday May 30 2019, @09:55PM (#849438) Journal

        Of course we have traditional Credit Cards too. I've heard that it's common in the US that when you use a debit card, the debit doesn't actually come out of your account for several days. This can lead to spending more than you have and the NSF fees associated with that.

        The card itself is contactless. You tap the card on the terminal to pay. It takes 1-2 seconds. Transactions using Interac Flash are guaranteed for the merchant (no chargebacks) and the bank will (supposedly) cover any fraud. You are required to use a pin every $200 so not that much can be stolen anyways.

        The USA has a very fragmented payment infrastructure which is why it's taking so long to move to EMV/Chip and Pin. You have so many different banks and lots of small businesses that don't want to upgrade. It costs a lot to upgrade to EMV. A card reader (JUST THE CARD READER!) at a gas pump is ~$2000. With EMV 5 I'm sure they will be more. Eventually the businesses will be dragged into compliance.

        Once you try the tap and pay, you'll be hooked. It's so fast, easy and ubiquitous now. Even vending machines have tap and pay.

        • (Score: 2) by JoeMerchant on Thursday May 30 2019, @10:19PM

          by JoeMerchant (3937) on Thursday May 30 2019, @10:19PM (#849452)

          I've heard that it's common in the US that when you use a debit card, the debit doesn't actually come out of your account for several days.

          That may have been more common years ago. The new systems are pretty real-time, of course you can still sign up for a "trap" account that will fee you to death for every little thing, but if you stick with an institution like a Credit Union, they can actually serve your needs instead of trying to serve you on a platter.

          I had tap and pay in my last phone, and used it at the weekly grocery trip and a few other random places. It was plenty convenient (fingerprint to unlock, tap to pay), but, that was a Nexus 5x, and after it bootlooped I replaced it with a phone that doesn't have NFC. I missed it for about a month, and I'm over it now. I'll go back to tap to pay when I get another NFC phone, meanwhile, it's not really that hard to stick a CC in a slot. The BIG HUGE AMAZINGLY AWESOME aspect of tap to pay with the phone was: forgetting your wallet wasn't a fatal mistake - I still seem to do that about once every two years or so, and it's really nice when the phone can cover for your senility (apparently, a condition I have suffered since my teenage years.)

          --
          🌻🌻 [google.com]