US restaurant chain P.F. Chang's China Bistro plans to temporarily bring back manual credit card imprinting while it investigates a security breach that allowed hackers to steal customer payment card data from multiple stores.
The old-school manual system has already been spotted by people affiliated with Sans, a computer security training institute. Readers may remember the system from decades ago, when eight-track tapes and, later, Betamax video, were still the rage. P.F. Chang's servers will be retaining carbon copies of the transactions, according to KrebsOnSecurity reporter Brian Krebs, who first reported the breach three days ago after finding that thousands of newly stolen credit and debit cards for sale in underground forums were all used at the chain.
"At P.F. Chang's, the safety and security of our guests' payment information is a top priority," a statement posted on the chain's website stated. "Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang's China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues."
The statement went on to advise customers to monitor their credit card and bank statements and to report any suspicious activity to their card issuers.
According to Krebs, P.F. Chang's is also deploying dial-up card readers that will be plugged in to old-fashioned phone lines and used to process the imprint slips. The chain's shift to a manual system is already prompting jokes that rib a security-through-obscurity approach. In fairness, manual imprints are probably more secure. Just as they are harder for merchants to quickly process in large numbers, they probably are similarly harder for digital thieves to siphon up wholesale.
P.F. Chang's is the latest nationwide chain to be hit by an embarrassing hack that compromised its customers' sensitive data. In November, retailer Target suffered a breach that compromised credit card and personal data for as many as 110 million customers. Like P.F. Chang's, Target has been working with law enforcement agencies to investigate the hack. Unlike P.F. Chang's, Target has continued to process payment card transactions electronically.
reader comments
210