Vera Bradley suffers hack of in-store payment systems

Dive Brief:

Women's accessories retailer Vera Bradley revealed that payments systems at its brick-and-mortar retail stores have been hacked, and that customer payment cards used at its stores this summer between July 25 and Sept. 23 may have been compromised.
Vera Bradley said it was notified of a security issue on Sept. 15 by law enforcement officials, and while an investigation found that its payment processing system was accessed without authorization, the retailer said it doesn't know how many cards had been affected, although it did determine that cards used for online payment were not impacted.
Vera Bradley added that it continues to work with a computer security firm to further strengthen system security and with law enforcement officials as they continue to investigate. The company is also working with payment card networks to more closely monitor the affected cards.

Dive Insight:

A recent report in the Fort Wayne News-Sentinel suggests that Indiana-based Vera Bradley plans to install chip card readers in its stores by next spring, which is nice for anyone who shops there next spring, but not exactly helpful for anyone affected in this incident.

Of course, it's hard to know how much EMV chip card readers might have helped in this situation because, as usual, the retailer involved isn't saying a whole lot about what actually happened. Also, transaction technology company NCR noted not long ago that even chip cards potentially can be compromised through their magnetic stripes.

In addition to still being fairly secretive about the nature of hacking episodes, retailers also have not proven to be very good at spotting incidents as they have just begun to unfold. Hacks always seems to be active for weeks or months, and it tends to be weeks more before the public hears what happened.

Another question unanswered at this point: Could this incident be somehow related to that major hack of in-store payments systems that hit Eddie Bauer stores and reportedly affected other businesses? Maybe that's far-fetched, but again, details are coming at a premium.

It's becoming clear that even with the transition to chip cards and more advanced payment terminals, retailers need to do a better job both in-store and online to fight security threats. Multiple layers of security are needed, and retailers need to start working more closely together and being more forthcoming in regard to sharing details about hacking episodes. The way things are going, another major retailer could be getting hacked right now, but we won't find out about it until after Christmas in a well-meaning but tersely-worded statement.