NIS America Suffers Card Breach, Offers Store Credit

Gaming developer NIS America has acknowledged a major credit-card data breach affecting users of its online stores. However, in a move ripe for commentary, the company is doling out $5 discount codes for impacted consumers to use on their next purchases.

The company notified customers via email, noting that the breach took place between January 23 and February 26 and affected users of its North America online stores. The attack resulted in the theft of payment-card details and address information.

"On the morning of February 26th, we became aware of a malicious process that had attached itself to our checkout page," NIS America said in the email. "This process was being used…to skim personal information provided by our customers during checkout after they placed an order at our store. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction.”

It added, "Transactions conducted in this manner were still successfully completed on the NIS America store pages. However, the payment information recorded by the malicious process could be used for fraudulent charges in the future."

NIS also sought to reassure those with user accounts on the site: "User accounts are used primarily to track past orders and gain reward points. Data for past orders is stored securely, and will only show the last four digits of a credit card, and will not show the CVV security code or expiration date.”

NIS hasn’t released further details of the breach, including how many are affected. It did say that it’s confident that the issue has been resolved and talked up the store credit.

"We understand that this is a small token, but we hope it will show our commitment and appreciation of our customers as we begin to regain your trust,” it said.

John Gunn, CMO, VASCO, sees the move as a savvy one.

"It’s sad to think about it, but breaches could become an effective 21st-century marketing tool,” he said via email. “Consumers seem to be very forgiving of companies that suffer breaches, from Target to Uber to Equifax. And with the new approach of using a breach as a coupon or free-trial distribution system, companies can actually profit from the breach, especially since it’s the card holders or issues that suffer the primary losses from a breach. Consider the millions of free trials that Equifax gained from its breach that would normally have cost them millions of dollars of marketing expenses."

Impacted customers should change their user account passwords, monitor banking account activity and be vigilant against phishing attempts.

What’s Hot on Infosecurity Magazine?