In January 2016 Wendy’s restaurants reported that they had suffered a breach in their network that handles credit cards. The report included the following: “As reported in the news media in late January, the Company has engaged cybersecurity experts to conduct a comprehensive investigation into unusual credit card activity related to certain Wendy’s restaurants. Out of the locations investigated to date, some have been found by the cybersecurity experts to have malware on their systems.”
What this basically means is that someone had installed software designed to harvest credit card data (“malware”) on Wendy’s network, which is the same thing that happened at other retailers and restaurants over the course of the last few years. Our sister site, DontBecomeAnotherTarget.com, has a list of many of these merchants.
Some credit unions, according to the article, have said that this breach has already exceeded the fraud that the Target breach caused in 2013.
The worst part? According to the article, “the restaurant chain hasn’t yet said how long the breach lasted — or indeed if the breach is even fully contained yet.” What does that mean? That means you don’t use your credit or debit card at Wendy’s. Period.
It’s unknown whether Wendy’s had passed their latest PCI DSS (Payment Card Industry Data Security Standard) assessment prior to the breach; post-breach, however, they are not compliant, since the malware should have been discovered during the required scans.
If you’re a merchant that takes credit cards, you’re required to be PCI compliant. We’ve encountered so many merchants without their own IT department who are under the false impression that they are compliant because they’ve signed (or “attested” online) a form from their credit card processing company indicating that they are compliant.
The credit card processing companies, like every other portion of the credit card chain (Merchant>Processor>Bank), have to be compliant, but each entity is required to do their own PCI Self-Assessment Questionnaire (SAQ). The credit card processors will have the merchant sign/attest a form that indicates that the merchant knows they have to be PCI compliant, even if the merchant has no clue what that is. Once the merchant attests to this, the credit card processor has fulfilled their obligation. If a breach occurs with the merchant, all the credit card processor has to say is “But you signed that you were PCI compliant” and they’re off the hook.
PC Medics of Alabama (PCMDX) specializes in SMB (Small to Medium Businesses) PCI Compliance. If you process under 6,000,000 transactions per year, PCMDX can make sure you’re compliant. If you’re not compliant, we’ll take the necessary steps to make sure you become compliant. We then take care of your SAQ, and we make sure you remain compliant.
Our client base includes restaurants, dentists, doctors, and various other merchants, so our experienced staff can handle any merchant that takes credit cards. Call us today for a free visit and estimate on how you Don’t Become Another Target. And if you don’t have a dedicated IT department, we can handle that for you as well, which lets you concentrate on your business while we take care of your IT needs.