14 DAY TRIAL // An investigation into a payment card fraud at Zoup restaurant chain indicates that the problem stemmed from compromising the payment processing devices at point-of-sale (PoS) vendor NEXTEP Systems.
The Zoup franchise has more than 70 locations scattered across North America and Canada, all using PoS systems from NEXTEP.
NEXTEP confirms data breach, investigation is ongoing
Financial institutions identified a fraud pattern involving payment cards used at many locations of the restaurant chain, but it appears that the compromise occurred at a higher level.
After contacting Zoup CEO Eric Ersher about the matter, Brian Krebs was directed to NEXTEP, which is currently investigating a possible breach of their systems.
Digging further into the issue, Krebs learned that the PoS vendor was recently informed by law enforcement of a possible security problem with their systems that may have been exploited by cybercriminals.
NEXTEP President Tommy Woycik said that he did not believe that all the merchants using their PoS devices were impacted, although the results of the currently ongoing investigation have yet to determine the full extent of the breach.
Not all customers may be affected by the security breach
Founded in 2005 and based in Troy, Michigan, NEXTEP provides payment devices for a large number of clients in the food service industry, airports, health care and education.
The PoS vendor has taken steps to make sure that the problem is addressed at all customer locations. “At this stage, we are not certain of the extent of the breach, and are working around the clock to ensure a complete resolution,” Woycik told Krebs.
The company is working with law enforcement and data security experts to identify the cause of the issue.
Most of the times, a breach at a PoS vendor occurs because of improper protection of log-in credentials used for remote administration. With access to the internal systems, cybercriminals can exfiltrate payment information that can be passed onto cloned cards, which can then be used for purchases at different retailers.
The merchandise obtained this way is generally sold for a fraction of its value in order to turn a profit as soon as possible.