P.F. Chang's experiences credit and debit card breach

It has happened again, another credit card breach at a nationwide chain, this time involving P.F. Chang’s. On June 10th, 2014, P.F. Chang’s learned that they had become a victim of a security breach that involved credit and debit information. The breach is not a nationwide issue and only occurred at select P.F. Chang's restaurants.

P.F. Chang’s is uncertain when the attack took place, but it is working with the United States Secret Service to clarify when the breach first occurred and more importantly how much data was stolen.

These types of breaches cause huge inconveniences to the company involved and its customers. P.F. Chang’s is urging customers to be on the look out for suspicious activity and to inform their credit card company of any such transactions.

In order to combat further compromises, P.F. Chang’s will begin using manual imprint devices to handle future credit and debit card transactions.

In regards to the incident, Rick Federico, CEO of P.F. Chang’s, issued a statement:

 On Tuesday, June 10, P.F. Chang's learned of a security compromise that involves credit and debit card data reportedly stolen from some of our restaurants. Immediately, we initiated an investigation with the United States Secret Service and a team of third-party forensics experts to understand the nature and scope of the incident, and while the investigation is still ongoing, we have concluded that data has been compromised.

At P.F. Chang's, the safety and security of our guests' payment information is a top priority. Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang's China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues.

We have also established a dedicated public website, pfchangs.com/security, for guests to receive updates and answers to their questions.

Because we are still in the preliminary stages of our investigation, we encourage our guests to be vigilant about checking their credit card and bank statements. Any suspected fraudulent activity should be immediately reported to their card company.

We sincerely regret the inconvenience and concern this may cause for our guests.

If you have dined at a P.F. Chang’s location recently, you may want to contact your credit or debit card company and be on the look out for suspicious activity.

Source: P.F. Chang’s via Krebs on Security | Image via P.F. Chang's 

Report a problem with article
Previous Story

Razer offering Nabu wearable for $1 for 500 beta testers and $50 for developers

Next Story

Micromax expected to launch its first Windows Phones on June 16

14 Comments

Commenting is disabled on this article.

We were at PF Changs in San Diego last week. However, I use my American Express for everything and their customer service is on top any little scenario that could be fraud. I'm not concerned. If it happens, I'm not liable and they'll issue me a new card.

JHBrown said,
We were at PF Changs in San Diego last week. However, I use my American Express for everything and their customer service is on top any little scenario that could be fraud. I'm not concerned. If it happens, I'm not liable and they'll issue me a new card.

Generally in the United States, no cardholder is liable, provided its a Credit Card. The bank or issuer assumes all liability.

The problem arises when its a debt card. If funds are siphoned from a checking account, the process for restoring those funds is much more time consuming. If consumers or merchants were, in fact, held liable, it would be a much bigger issue and we'd likely already be using chip and pin cards like pretty much the rest of the world.

How debit cards are handled varies from bank to bank. Most banks these days treat debit and credit cards the same when it comes to fraud. I've had fraudulent transactions on my debit cards, called the bank, money back within a day. Plus my bank has a pretty smart anti-fraud monitoring, it will instantly flag things that look suspicious and send out email and text message notifications.

Hurricane Andrew said,
we'd likely already be using chip and pin cards like pretty much the rest of the world.

How are you guys not using chip and pin by now? Here in the UK, it was rolled out several years ago. It's very rare now that you find somewhere here that does not require chip and pin. Even mobile sellers now have portable chip and pin terminals with those built in receipt printers.

How are you guys not using chip and pin by now? Here in the UK, it was rolled out several years ago. It's very rare now that you find somewhere here that does not require chip and pin. Even mobile sellers now have portable chip and pin terminals with those built in receipt printers.

Because our credit card readers were made in the bronze age.

Many credit card companies are starting to roll out chip and pin but most stores still don't accept it.

Hurricane Andrew said,

Generally in the United States, no cardholder is liable, provided its a Credit Card. The bank or issuer assumes all liability.

The problem arises when its a debt card. If funds are siphoned from a checking account, the process for restoring those funds is much more time consuming. If consumers or merchants were, in fact, held liable, it would be a much bigger issue and we'd likely already be using chip and pin cards like pretty much the rest of the world.

During data breach no, but if your card is physically stolen you are only liable for $50. A lot of people don't know that and throw in these expensive $0.99 per $100 balance on a card at the end of the month because it makes them feel safe.

TCLN Ryster said,

How are you guys not using chip and pin by now? Here in the UK, it was rolled out several years ago. It's very rare now that you find somewhere here that does not require chip and pin. Even mobile sellers now have portable chip and pin terminals with those built in receipt printers.

It has to do with the financial incentive. Issuing banks aren't liable for the costs of most breeches, the cost is borne by intermediaries or merchants. It's a very bad setup, and has led to us dragging our feet.

K, I am no expert, but when they say, "In order to combat further compromises, P.F. Chang's will begin using manual imprint devices to handle future credit and debit card transactions", I have to ask why they weren't doing this before? Is manual imprint where they slide the thingy across your card?

Typically these still exist in every retail establishment as a fallback during network/power outages. They are *not* considered optimal and are business-unfriendly. While some shoppers have no problem with that and have the selfish perspective that waving their money around turns them into every cashier's almighty god, these things do tend to ultimately turn into poor shopping experiences all around.

Also, don't be that guy anyway or you're going to spend a lifetime constantly "taking your business elsewhere" to prove a point nobody cares about.

At P.F. Chang's, the safety and security of our guests' payment information is a top priority. Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang's China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues.

LOL yeah because manual paper copies of the entire credit card number, and expiration date is so much safer :rolleyes:

-Razorfold said,

LOL yeah because manual paper copies of the entire credit card number, and expiration date is so much safer :rolleyes:

I was thinking the same thing lol, it's also going back to the stone age of card transactions.