P.F. Chang's Data Breach Underscores POS System Vulnerabilities
However, Tripwire's Melancon said going to manual imprint for credit card information is an entirely bad idea. "In terms of establishing trust after a breach, going to the use of carbon forms to gather payment information isn't as crazy as it sounds," he said. "After all, if you're not sure which of your data systems you can trust, why would you put even more data into those systems?" That said, Melancon added that going to physical collection of the card information might reduce the number of people who interact with the data because that information is no longer accessible on an open network, but it isn't practical in the long term. "The risk in paper-based collection is that many retailers no longer have effective processes or employee training designed to secure, monitor and control physical card slips," Melancon said. "This means that, while a paper-based approach may reduce one specific type of risk, it doesn't totally eliminate risk altogether; it changes the data protection problem to a different form." What Customers Should Do"As the investigation progresses, it's likely that issuing banks will take proactive measures to cancel cards they suspect are compromised," Casesa said. "Banks are monitoring stolen card data sites looking for their own cards, and it's through this mechanism that the breaches are discovered." P.F. Chang's customers should request a new credit card from their credit card issuer, Haber said. For those choosing to visit a P.F. Chang's restaurant, Haber advises: "If you can, pay cash until their electronic system is functioning again." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
As is the case with any retail data breach, customers should always be looking at their credit card and bank transaction statements for fraudulent charges.