Fear the Retailer: Forever 21 Hacked as Black Friday Approaches

Retailer Forever 21 recently announced that there may have been unauthorized access to credit and debit card information at some Forever 21 locations. The company says it was notified of the breach by a third party.

"We immediately began an investigation of our payment card systems and engaged a leading security and forensics firm to assist us," the company stated.

The breach occurred in spite of encryption and tokenization solutions the company implemented in 2015 -- only some point of sale (PoS) devices in some stores were affected "when the encryption on those devices was not in operation," Forever 21 said.

It's not yet clear which locations may be affected, though the company says it's focused on in-store transactions between March 2017 and October 2017.

Protecting the Transaction

Obsidian Security CTO Ben Johnson told eSecurity Planet by email that the breach is a reminder that every retailer is a target. "Holiday shoppers should be diligent in monitoring their account activity, and should consider Apple Pay or cash if they are feeling less confident about the security of the retailers' systems," he said.

"Retailers should understand that any areas of weakness, such as those few systems without multi-factor authentication or encryption, will eventually find themselves victim of compromise," Johnson added. "In some ways things are improving on the defensive side, but we cannot forget that the attackers often innovate faster."

The news of the breach comes as consumers express increasing concerns about the security of online shopping -- a recent SiteLock survey of 1,017 U.S. adults found that almost one in three online shoppers don't plan to shop online at all during the holidays, and 27 percent worry about their information being compromised.

Sixty-five percent of respondents who have had information stolen or compromised due to online shopping say they no longer shop online at all, or refuse to return to the website where their information was compromised -- and 52 percent of respondents say a store that provides a secure payment network makes them feel more confident.

Searching for Security

Similarly, a recent Paysafe survey of 300 businesses and more than 3,000 consumers in the U.S., U.K. and Canada found that 59 percent of U.S. consumers believe fraud is an inevitable part of shopping online.

In response, consumers say security trumps convenience -- 58 percent say they would be willing to accept any security measures needed to eradicate fraud, and 71 percent are open to leveraging more secure payment processes such as two-factor authentication.

U.S. businesses don't seem to understand that, however -- just 39 percent of U.S. businesses believe their customers would favor increased security, and 67 percent worry that longer verification processes would cause them to lose customers.

Still, 47 percent of merchants say more than 5 percent of their transactions are fraudulent.

"For years, consumers have had to overcome the apprehension that businesses know too much about them -- from shoe sizes to food preferences," Paysafe CEO Todd Linden said in a statement. "But as the payment world evolves, it is this knowledge that will make individuals more secure."

"The evolution of big data will make payments smarter and easier and help to redress the balance between security and convenience," Linden added. "Big data will be the ultimate key to tightening up security at PoS, online and in brick and mortar environments."