Global fashion retailer Forever 21 has revealed that earlier this year hackers gained access to several of its unencrypted payment card systems and potentially stole payment information belonging to customers.
In a press release, Forever 21 said:
The company, which operates more than 815 stores in 57 countries, said that only certain point-of-sale (POS) devices in some stores had been affected by the breach. However, it failed to mention which stores were breached.
Forever 21 has advised customers to closely monitor their payment card statements: “If customers see an unauthorized charge, they should immediately notify the bank that issued the card.”
POS system breaches are an increasing threat
This is not the first time a large chain has been targeted by hackers this year. Here are just a few of the POS breaches we have reported on in 2017:
- Pizza Hut app and 41 Hyatt POS systems breached by hackers
- Sonic and Whole Foods disclose data breach details
- Kmart breached by POS malware again
Keep up to date with the latest hacks and breaches by subscribing to our Daily Sentinel newsletter.
A preventable breach
The breach could have been prevented if all of Forever 21’s POS systems had been encrypted. As a merchant, the retailer should have been fully compliant with the Payment Card Industry Data Security Standard (PCI DSS).
Encrypting transmission of cardholder data across open, public networks is a key compliance requirement of the PCI DSS.
The PCI DSS aims to increase payment card security and applies to all organizations worldwide that transmit, process, or store payment data.
However, despite the prospect of fines and penalties, many merchants are not fully compliant.
Protecting your POS system
If your organization’s POS system is not protected properly, you could become an easy target for hackers.
It is therefore increasingly important for organizations to implement effective measures to control external threats.
Documenting policies and procedures for protecting POS systems and controlling these threats shows your commitment to protecting sensitive information, and it is also a key requirement for PCI compliance.
Compiling these policies can be a time-consuming and challenging task.
The PCI DSS Documentation Toolkit provides you with all the policies, procedures, and instructions you need to achieve compliance with the Standard. The toolkit includes:
- A complete set of easy-to-use, customizable, and fully PCI-compliant documentation templates, including:
- PCI DSS Charter
- PCI DSS Compliance Program
- Operational Security Policy Statement
- Cryptographic Key Management
- Cardholder Data Policy Statement
- Helpful gap analysis and project tools to ensure complete coverage of the Standard
- Guidance documents
- PCI DSS staff awareness training
Take a free trial of the toolkit to view a full list of the documents and try them out.