Chinese restaurant chain P.F. Chang’s confirmed June 12 that it was the victim of a security compromise affecting its credit card payment terminals. The breach draws renewed attention to the vulnerability of point-of-sale systems and the impact of that on restaurateurs and other retailers as well as their customers.
Full details on the security compromise have not yet been disclosed, but it is apparent that the payment-card terminals in the restaurant were likely the point of compromise. To help protect its customers while the investigation is ongoing, Chang’s noted that its restaurants in the United States will now be using manual credit card imprinting devices to handle credit and debit card transactions.
P.F. Chang’s decision to forgo electronic payment terminals and revert to the manual imprint method isn’t necessarily a safer approach, security experts said.
A stack of imprinted cards is just as valuable as having the electronic versions and can be copied (using a copier, smart phone camera, etc.) for malicious purposes, too, Haber said.
“I can only assume P.F. Chang’s has chosen this method since the electronic system they have, has been compromised at the store level, versus a database breach on the back end,” Haber said. “This is the only method they have to still conduct business.”