Hacked Hoagie
Eating fresh at Subway may possibly cost you more than a five dollar foot long. In a scheme dating back to 2008, hackers were able to steal and gather credit card data from the point-of-sale (POS) systems of over 150 Subway restaurants. According to Sean Gallagher’s article, “How hackers gave Subway a $3 million lesson in point-of-sale security”, the hackers were able to retrieve the sensitive card information from over 80,000 people.
Authorities noticed the attacks on the POS system through “a targeted port scan of blocks of IP addresses to detect systems with a specific type of remote desktop access software running on them.” The software provided a ready-made back door for the hackers to gain entry to the POS systems. PCI Security Standards Council’s regulations require two-factor confirmation for remote access to POS systems, something that wasn’t implemented at the different Subway franchises.
Gallagher’s article goes on to say that Subway Corporate Press Relations Manager, Kevin Kane, stated “the tech guys who dealt with this moved and put steps in place [to block the theft of data] as soon as they discovered it.” Subway did not go into detail on measurements taken into preventing possible attacks saying, “We don’t want to give away the blueprint.”
Cyber-security is an element that businesses must take into consideration when choosing POS software. ChargeLogic Payments is PCI validated credit card and payment processing software integrated with Microsoft Dynamics NAV that encrypts sensitive customer account information. This ensures that data is not left behind on hardware, protecting customers from having their credit card data stolen in the event of a hack.
ChargeLogic Connect is the leading cloud-based service integrated with Microsoft Dynamics NAV. One service that Connect provides is Secure Remote Storage –a service that manages and stores credit card information, ensuring that it is never stored in the NAV database. When a customer’s credit card number is required for payment processing, ChargeLogic Payments retrieves it from Connect, securely transmits it, and then deletes it, allowing businesses to take their operations out of scope for PCI compliance, while greatly decreasing the possibility for data theft. For more information on ChargeLogic Payments and ChargeLogic Connect, visit www.chargelogic.com.


