P.F. Chang’s China Bistro learned of a security breach involving credit and debit cards on June 10.
Over a month later, information from the company remains sketchy, including such details as when the breach began, and if data from every restaurant was compromised. The Secret Service is investigating, along with private contractors. The company has set up a special web page to update information about the breach.
As details are sorted out, the company has provided manual credit card imprinting devices to its more than 200 restaurants. But that action has alarmed some consumers and security experts who consider the devices to be risky.
When a card is swiped on the device, a carbon is made showing the complete credit card number and expiration date of the card. If low tech thieves get their hands on the carbons, the cardholders may become victims of fraud.
By contrast, the Fair and Accurate Credit Transactions Act, which took effect in 2006, requires that only the last four or five digits of your card number be shown on electronic receipts, and the expiration date does not appear.
Calls expressing concern were made to a special hotline set up by P.F. Chang’s to handle security breach inquiries. In response, the company added information to its web page about the credit card slips, “P.F. Chang's is handling the storage and destruction of these slips according to the data protection processes required by the credit and debit card companies.”
The company recently deployed additional encryption-enabled terminals to improve speed and automation in an effort to phase out the manual devices. However, it may be a good idea to use cash until all of the restaurants switch back to electronic readers.
Former Washington Post reporter Brian Krebs, who broke the news about both the Target and P.F. Chang’s security breaches, reports on his blog that the breach at the restaurant chain appears to have lasted from Sept. 18, 2013 – June 11, 2014. If you don’t routinely monitor your statements, check credit and debit card statements dating back to September to make sure there are no fraudulent transactions.