14 DAY TRIAL // A $200,000 credit card fraud is suspected to have resulted from hackers compromising the Point-of-Sale (POS) system at a Florida restaurant with malware specifically designed for it.
Dave Wendland, the owner of Julie's Place, a Tallahassee eating house dating back to 1978, began learning from his customers of fraudulent out-of-state charges on their credit cards back in July.
Soon afterward he was contacted by the Leon County Sheriff's Office Financial Crimes Unit, which was investigating a $200,000 fraud involving over 100 payment cards, that were all used at his business.
The investigation is still underway, but a technician with the company that installed the Point-of-Sale system at the restaurant has found evidence that hackers penetrated its firewall and deployed malware specifically targeting that model of card terminals.
The terminals are called Aloha and are manufactured by Radiant Systems, one of the largest providers of such systems in the country.
According to BankInfoSecurity, a Radiant representative stressed that the company's product is not vulnerable and blamed the restaurant for not employing enough security layers, as required under PCI. [industry standards]
Wendland does not agree with this claim, but has since replaced the entire POS system and deployed better network software. "Our POS system is completely 'locked down' now," he says.
Colin Sheppard, director of incident response at Atlanta-based information security and compliance vendor Trustwave, which was called in to assist with forensics in this case, says that this type of attacks are increasing, especially those involving keyloggers or RAM scrappers.
This incident is very similar to one that we reported last month, which involved an Austin restaurant chain called Tino's Greek Cafe.
Just as in this case, preliminary investigations concluded that the breach was somewhere in the network between the restaurant and the processor, but other parties involved claimed that it was likely in the POS.