The reliance of restaurant chains and retail stores on outside companies to handle credit-card processing and other information-technology functions is partly to blame for a rash of consumer notes breaches by the last few years, according to goods sleuths at Verizon Communications Inc.

Even a chain with thousands of restaurants might have only 100 employees in info technology, so it uses outside vendors for many IT functions, said Bryan Sartin, director of the investigative response team at Verizon Business.

“What happens is there’s a lack of accountability on the third party,” Sartin said.

Verizon’s unit investigates a quarter to a third of the big, publicly announced documents breaches that occur each year, and hundreds of smaller cases.

In recent years, restaurant and retail businesses have accounted for more than half of Verizon’s 230 to 250 cases per year, according to a report Verizon issued Thursday. It often finds that insiders at service vendors are part of the heists.

Organized data-stealing gangs “go to the shout centers, the Web development companies, the subject matter development companies, the business partners, the citizens who pick up the backup tapes,” Sartin said. “They say … whether you hate your boss and you’re in financial straits, we’re your solution. Give us access to your customers. Better yet, give us your documents.”

In a typical case Sartin was involved in, the team was approached by a large oil company in Canada, with thousands of gas stations. Customers were finding spurious charges on their credit cards after using them at the stations.

The team soon figured out that someone at a technology vendor was responsible, but couldn’t pin it down. So the investigators set a trap in the system, to see who accessed customer documents.

“The trap went off on Saturday AM,” Sartin said. “Hackers always think nobody’s looking on Saturday mornings.”

A police car headed to…

Original post by dhiram