Security Validation, LLC to Partner with PCI Security Standards Council to Improve Payment Data Security Worldwide

pci_ssc_participating_org
Newark, New Jersey, January 6, 2015Security Validation, a leading Data Security and Data Privacy advisory firm, announced today that it has joined the PCI Security Standards Council as a new Participating Organization. Security Validation will work with the Council to achieve and improve payment data security worldwide through the ongoing development of the PCI Security Standards, including the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS). Endorsed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., the PCI Security Standards require merchants and service providers that store, process or transmit customer payment card data to adhere to information security controls and processes that ensure data protection. To enhance payment data security globally while embracing new technologies as they are developed, the Council relies on involvement of those across the payments processing chain, from merchants and service providers to payment device manufacturers and software developers, financial institutions and processors.

As a Participating Organization, Security Validation adds its voice to the standards setting process and will receive previews of drafts of standards and supporting materials in order to provide feedback to shape their final versions, as well as engage a growing community of more than 600 organizations united to improve payment security.

Security Validation will also have the opportunity to recommend new initiatives for consideration to the PCI Security Standards Council, participate in exclusive webinars and question and answer sessions with Council representatives, and review and discuss new versions of the PCI Security Standards while sharing cross-sector experiences and best practices at the annual Community Meetings.

“In an era of increasingly sophisticated attacks on systems, adhering to the PCI DSS represents an entity’s best protection against network security threats and data breaches,” said Stephen W. Orfei, General Manager of the PCI Security Standards Council. “By joining as a Participating Organization, Security Validation demonstrates they are playing an active part in mitigating the threats and improving the security of the payment chain globally by driving the security standards to higher levels of adoption and strength.”

About Security Validation
Security Validation is a leading data security and data privacy advisory firm focused on improving the security posture of hotels across North America. Founded by industry experts, Security Validation brings over 25 years of data security experience to the hospitality industry. Security Validation provides Data Security Assessments, Security Training and Awareness programs via Security Validation Academy http://www.teachmepci.com, Vulnerability Scanning Services and a full compliment of customized Policy’s Procedures and Best Practices.

About the PCI Security Standards Council
The PCI Security Standards Council is an open, global forum that is responsible for the development, management, education and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security. Founded in 2006 by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., the Council has more than 700 Participating Organizations representing merchants, banks, processors and vendors worldwide. To learn more about playing a part in securing payment card data globally, please visit: pcisecuritystandards.org.

Signature Systems Acts to Block Payment Card Security Incident

Signature Systems, Inc. provides<point-of-sale (POS) systems for restaurants. We were alerted to a potential issue at one restaurant on July 30, 2014. We immediately began an investigation and found malware on a POS device at that restaurant that had not been detected by the restaurant’s anti-virus program. We removed the malware and engaged a leading computer security firm to investigate every POS system and help us implement enhanced security measures.

How did this happen?

We have determined that an unauthorized person gained access to a user name and password that Signature Systems used to remotely access POS systems. The unauthorized person used that access to install malware designed to capture payment card data from cards that were swiped through terminals in certain restaurants. The malware was capable of capturing the cardholder’s name, card number, expiration date, and verification code from the magnetic stripe of the card.

What restaurants are affected?

This incident affected 216 Jimmy John’s stores and 108 other restaurant locations. The time frame during which payment cards may have been captured at an affected restaurant varies across the affected locations. June 16 is the earliest date that cards were at risk at certain locations. After learning of the potential issue on July 30, by August 5, we had removed the malware from most of the affected locations. For a small percentage, we were not able to completely remove the malware from all devices in the system until mid-September.

What are we doing?

We wanted to let you know about this incident as soon as we could. Because we cannot identify which specific cards were actually taken and we do not have the names or addresses of any potentially affected customers, a list of the affected restaurants and at risk time frames is below.

If you used your card at one of those stores during the listed time and see a fraudulent charge on your card, please immediately contact the bank that issued your card. Major credit card companies typically guarantee that cardholders will not be responsible for fraudulent charges. Please review your account statements for any unauthorized activity regularly. You should also review the “More Information on Ways to Protect Yourself” section below.

We have also been working with the credit card networks and law enforcement. By identifying which cards may be at risk and notifying the credit card networks, they can work with the banks that issued those cards to prevent fraudulent transactions or to issue new cards. We are confident that the additional security measures blocked the attack and you can feel confident in continuing to use your card at the affected restaurants.

We deeply regret any inconvenience this may cause. If you have questions please call us at 877.235.0923, Monday through Friday, 9 a.m. to 7 p.m.

Frequently Asked Questions

How did this happen?

An unauthorized person used a remote access tool to access the computers in the restaurants’ that operate the point-of-sale systems and installed malware designed to capture payment card data. The malware was designed to avoid detection by the anti-virus programs running on the point-of-sale systems.

When did you discover this?

We were first alerted to a potential issue affecting one restaurant location on July 30, 2014 and have been working hard ever since to determine what occurred, block it from continuing, implement enhanced security measures, and notify the affected merchants.

Why did you wait until now to tell me?

Forensic investigations take time, and we wanted to be sure we had accurate and reliable information regarding what happened and what was being done to prevent it from happening in the future.

How many people were affected?

Although we know the affected locations and time frames when cards were at risk, we do not have access to transaction information that would let us know how many cards were used in those stores during the at risk times.

Store List

Jimmy John’s has posted a list of affected stores and time frames on its website www.jimmyjohns.com
The other affected restaurants and time frames are:
Store Earliest At Risk Latest At Risk
Roman Delight – Southampton, PA 6/23/2014 10:37 AM 6/26/2014 2:03 AM
Antonellis Pizza – Lorton, VA 6/17/2014 9:32 AM 7/17/2014 10:29 PM
Italian Touch – Broadway, VA 6/19/2014 7:02 AM 7/25/2014 7:38 PM
Lost Pizza Co. – Southaven, MS 6/23/2014 6:54 AM 7/30/2014 4:02 AM
Lost Pizza Co. – Tupelo, MS 6/23/2014 7:04 AM 7/312014 1:09 AM
Pizza King – North – Rushville, IN 6/23/2014 9:47 AM 8/1/2014 3:15 PM
Joe’s Pizza and Pasta – Dupo, IL 6/19/2014 7:36 AM 8/1/2014 8:08 PM
Lott-A-Freeze – Indianola, MS 6/23/2014 7:13 AM 8/1/2014 8:42 PM
Springdale Pizza – Stamford, CT 6/24/2014 7:25 AM 8/1/2014 9:03 PM
Skin Flints – Brooklyn, NY 6/24/2014 7:04 AM 8/1/2014 9:05 PM
Grecco’s Pizza – Bedford, IN 6/19/2014 6:38 AM 8/1/2014 9:39 PM
Blue Moon Bakery – Big Sky, MT 6/18/2014 6:15 AM 8/1/2014 9:45 PM
SaraBella Pizzeria & Desserts – Albany, NY 6/24/2014 6:52 AM 8/1/2014 9:47 PM
Mister Jim’s Submarines – Chesapeake, VA 6/23/2014 7:55 AM 8/1/2014 9:59 PM
Paisano’s Pizza – Rockville, MD 6/17/2014 8:06 AM 8/1/2014 9:59 PM
Pizza King – Rushville, IN 6/23/2014 9:42 AM 8/1/2014 10:06 PM
Angelina’s Pizzeria & Restaurant – Hackensack, NJ 6/17/2014 9:23 AM 8/1/2014 10:09 PM
Giuseppe’s Pizza – New Hope, PA 6/18/2014 8:37 AM 8/1/2014 10:09 PM
Piero’s Italian Restaurant – Huntingdon Valley, PA 6/17/2014 7:22 AM 8/1/2014 10:10 PM
Bagel Boys – Ramsey, NJ 6/17/2014 6:59 AM 8/1/2014 10:18 PM
Donatis Pizza – Lake Forest, IL 6/18/2014 7:44 AM 8/1/2014 10:17 PM
Glenside Pizza – Glenside, PA 6/18/2014 8:41 AM 8/1/2014 10:19 PM
DeNiros Pizza & Subs – Baltimore, MD 6/18/2014 7:00 AM 8/1/2014 10:19 PM
Luigis Pizzarama – Elkins Park, PA 6/23/2014 7:15 AM 8/1/2014 10:21 PM
Warrington Pizza – Warrington, PA 6/25/2014 7:32 AM 8/1/2014 10:23 PM
Wings to Go – Fairless Hills, PA 6/25/2014 7:38 AM 8/1/2014 10:28 PM
The Pizza Shop II – Fishkill, NY 6/23/2014 9:50 AM 8/1/2014 10:34 PM
Spatola’s – Paoli, PA 6/24/2014 7:22 AM 8/1/2014 10:38 PM
Casa D’Amico – Stratford, NJ 6/18/2014 6:34 AM 8/1/2014 10:40 PM
Wings to Go – Feasterville, PA 6/25/2014 7:45 AM 8/1/2014 10:41 PM
Friends Bar & Grill, Newtown, PA 6/18/2014 7:16 AM 8/1/2014 10:42 PM
Paisano’s Kingstowne – Alexandria, VA 6/17/2014 7:57 AM 8/1/2014 10:45 PM
Joanie’s – St. Louis, MO 6/19/2014 7:29 AM 8/1/2014 10:52 PM
Hambinos Pizza Co – Bristol, TN 6/19/2014 2:43 AM 8/1/2014 11:59 PM
Joe’s Pizza – Greenville, IL 6/19/2014 8:05 AM 8/1/2014 11:59 PM
Middle River Pizzeria – Middle River, MD 6/23/2014 7:53 AM 8/1/2014 11:59 PM
Tony’s NY Pizza – Fairfax, VA 6/25/2014 6:51 AM 8/2/2014 1:33 AM
Uncle Paul’s Pizza – New York, NY 6/17/2014 9:00 AM 8/2/2014 9:56 AM
The Corner Café – Huntingdon Valley, PA 6/17/2014 7:21 AM 8/2/2014 1:07 PM
Paisano’s Pizza – Fairfax, VA 6/17/2014 7:50 AM 8/2/2014 1:40 PM
Pizza Classica – Ridgewood, NY 6/23/2014 9:39 AM 8/2/2014 2:54 PM
Paisano’s – Gainesville, VA 6/17/2014 7:53 AM 8/2/2014 3:05 PM
Paisano’s – Herndon, VA 6/17/2014 7:55 AM 8/2/2014 3:09 PM
Costello’s Italian Ristorante – Galloway, NJ 6/18/2014 6:49 AM 8/2/2014 3:39 PM
Uncle Charlie’s Pizza – Fairless Hills, PA 6/25/2014 6:59 AM 8/2/2014 3:53 PM
Joes Pizza & Pasta – Edwardsville, IL 6/19/2014 8:04 AM 8/2/2014 3:55 PM
Paisano’s – Chantilly, VA 6/17/2014 7:35 AM 8/2/2014 3:58 PM
Romanellis – Madison, NJ 6/23/2014 10:40 AM 8/2/2014 4:07 PM
Rosatis – Springfield, MO 6/17/2014 8:41 AM 8/2/2014 4:09 PM
Paisano’s Pizza – Vienna, VA 6/17/2014 8:23 AM 8/2/2014 4:12 PM
Paisano’s Pizza – Annandale, VA 6/17/2014 7:37 AM 8/2/2014 4:21 PM
Uncle Oogie’s – Warminster, PA 6/25/2014 7:03 AM 8/2/2014 4:22 PM
Tonelli’s – Horsham, PA 6/25/2014 6:45 AM 8/2/2014 4:31 PM
Community Pizza – Fort Dodge, IA 6/18/2014 6:42 AM 8/2/2014 4:32 PM
Fat Boys Pizza – Holt, MI 6/18/2014 8:03 AM 8/2/2014 4:34 PM
Pizza Tugos – Ocean City, MD 6/23/2014 10:10 AM 8/2/2014 4:35 PM
Paisano’s – Crystal City, VA 6/17/2014 7:47 AM 8/2/2014 4:36 PM
Santucci’s – Philadelphia 6/23/2014 8:50 AM 8/2/2014 4:37 PM
Pizzeria Scotty, Milwaukee, WI 6/23/2014 10:28 AM 8/2/2014 10:20 PM
Paisano’s – Manassas, VA 6/17/2014 7:58 AM 8/3/2014 4:36 AM
Paisano’s Pizza – Ashburn, VA 6/17/2014 7:33 AM 8/3/2014 4:43 AM
Casa D’ Mama – Annandale, VA 7/1/2014 6:42 PM 8/3/2014 10:57 AM
Johnnys Pizza – Ocean City, MD 6/23/2014 6:26 AM 8/3/2014 11:12 AM
Paisano’s – Woodbridge, VA 6/17/2014 8:27 AM 8/3/2014 10:03 PM
Di Fiores Pizzeria and Italian Restaurant – Neffs, PA 6/18/2014 7:03 AM 8/3/2014 11:42 PM
Paisanos Pizzaria – Reston, VA 6/17/2014 8:05 AM 8/4/2014 1:23 PM
Uncle Joe’s Pizza 6/17/2014 7:28 AM 8/4/2014 2:46 PM
Santucci’s – Philadelphia, PA 6/24/2014 6:35 AM 8/4/2014 7:54 PM
All Town Pizza – Glenolden, PA 6/17/2014 9:10 AM 8/5/2014 12:01 AM
Paisano’s – Fair Lakes, VA 6/17/2014 7:48 AM 8/5/2014 6:21 PM
Dominick’s – Parkville, MD 6/18/2014 7:40 AM 8/10/2014 5:23 AM
Wild West Pizzeria – West Yellowstone, MT 6/25/2014 7:30 AM 8/12/2014 7:24 PM
Abate Apizza – East Haven, CT 6/17/2014 9:05 AM 8/14/2014 5:19 PM
Rosati’s – Oconomowoc, WI 6/17/2014 8:40 AM 8/18/2014 3:43 PM
Abate Restaurant – New Haven, CT 6/17/2014 9:15 AM 8/18/2014 4:13 PM
Austin’s Bar & Grill – Franklin, IN 7/1/2014 6:45 PM 8/20/2014 7:48 PM
Mister P Pizza & Pasta – Philadelphia, PA 6/23/2014 7:59 AM 8/26/2014 3:58 AM
La Fogata – Warminster, PA 6/23/2014 6:34 AM 8/26/2014 5:59 AM
Mario’s Pizza – Berea, KY 6/23/2014 7:45 AM 8/26/2014 6:31 AM
Lee’s Hoagie House of Horsham – Horsham, PA 7/1/2014 6:46 PM 8/29/2014 6:58 AM
VJ’s Diner & Rest-Pizza – Hamilton, NY 6/25/2014 7:30 AM 9/9/2014 3:28 PM
Apollo Pizza – Philadelphia, PA 6/17/2014 9:38 AM 9/18/2014 4:17 AM
Epheseus Pizza – Pittsburgh, PA 6/18/2014 8:00 AM 9/18/2014 2:42 PM
Garden City Pizza – Garden City, NY 6/18/2014 8:20 AM 7/15/2014 4:59 AM
Valentino’s Pizza – Sterling, VA 6/25/2014 7:14 AM 8/29/2014 8:29 PM
The Pizza Place and More – Crystal Lake, IL 6/24/2014 7:47 AM 9/9/2014 1:32 PM
Positano’s – Franklin Park, IL 6/23/2014 10:31 AM 9/18/2014 12:56 AM
Bella Pizza – Centreville, VA 6/17/2014 7:30 AM *
Paisano’s Bailey’s Crossing – Falls Church, VA 6/17/2014 7:41 AM *
Rosati’s – Tuscon, AZ 6/17/2014 8:38 AM *
Rosatis Pizza Pub – Yorkville, IL 6/17/2014 8:50 AM *
Don Franco’s – Apollo Pizza – Sewell, NJ 6/17/2014 9:35 AM *
Brother Bruno’s – Hawley, PA 6/18/2014 6:46 AM *
Deniro’s – Baltimore, MD 6/18/2014 6:58 AM *
Dolce Carini – Newtown, PA 6/18/2014 7:18 AM *
Dominick’s Pizza & Carryout – Parkville, MD 6/18/2014 7:36 AM *
Doreen’s Pizzeria II – Dyer, IN 6/18/2014 7:50 AM *
Garlicknot – Littleton, CO 6/18/2014 8:22 AM *
Joes Pizza & Pasta – Altamont, IL 6/19/2014 7:33 AM *
Oreland Pizza – Oreland, PA 6/23/2014 8:15 AM *
Papa Nick’s – Philadelphia, PA 6/23/2014 8:43 AM *
Royal Pizza, Columbia, MD 6/24/2014 6:28 AM *
SaraBella – Ballston Spa, NY 6/24/2014 6:54 AM *
Trattoria Peppino – Elmwood Park, IL 6/25/2014 6:53 AM *
*Denotes locations where forensic evidence to conclusively determine when the malware was removed has not yet been identified. The investigation to determine this latest at risk date is ongoing. The attack has been blocked at these locations.