According to a report by Brian Krebs, several Staples stores across New York, Pennsylvania, and New Jersey are being investigated by bank officials for a possible data breach.
“Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in north-eastern United States are currently dealing with a data breach,” Mr Krebs wrote.
Based in Framingham, Massachusetts, Staples has more than 1,800 stores nationwide. A spokesperson for the retailer said in response to this issue:
“We take the protection of customer information very seriously, and are working to resolve the situation… If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”
If this report is found to be correct, Staples will join the long list of US organizations to have been targeted by hackers, including JPMorgan Chase, Home Depot, Dairy Queen and Target.
Following the recent series of high-profile breaches, many stores across America are moving from magnetic stripe payment cards to the more common and secure Chip-and-PIN payment method.
It is important for enterprises to ensure that whoever deals with storing, transmitting, or processing customer payment card details (whether themselves or a third-party vendor) is fully compliant and up to date with the Payment Card Industry Data Security Standard (PCI DSS). Failure to comply with the PCI DSS could result not just in a data breach and fines, but also in consequential brand damage and loss of customers and clients.
For further information on the PCI DSS, read PCI DSS: A Pocket Guide. Co-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.0, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organization who deals with payment card processing.
For further information on fighting cyber crime in the US, view our infographic:
Breaches will unfortunately just continue, as I see them every day as one of North America’s longest licensed PCI-QSAs. I just want to say: don’t forget that one of the most important – and time-consuming – aspects of PCI DSS compliance is developing all mandated policies and procedures. As a PCI-QSA for years, I’m constantly having to deal with my clients’ challenges of having little or no documentation in place. If you look at the actual standards, there are close to 50 or so policies and procedures that need to be in place, so finding a comprehensive policy packet is a must. PCI DSS is not always about the technical aspects; there’s a lot of documentation that has to be in place, so just remember that! There are numerous providers online offering cost-effective templates, so now it’s easier and more affordable than ever to put in place all mandated PCI-specific documents. Charles.