Fast food hamburger chain Wendy’s announced that it had discovered “reports of unusual activity involving payment cards” at some of its restaurants and is presently investigating the matter in order to determine the full extent of the apparent data breach and where it occurred.    This story was first reported by Krebs on Security.  Wendy’s operates 5,600 company owned and franchised restaurants around the world although initial reports do not tend to indicate that the apparent data breach affected all stores.  As is so often the case, the apparent data breach was first discovered not by Wendy’s itself, but by credit card processing banks noticing a pattern of fraudulent use of credit and debit cards that could be traced back to Wendy’s restaurants.  In fact, at this time, the incident appears to follow the pattern that I described in a column I wrote for USA Today in September of 2014.

Wendy’s still uses the old fashioned magnetic strip credit cards which are much easier targets for hackers than the EMV chip cards which have been required to be used by companies since October of 2015.  The rules requiring companies to switch to the new smart cards carry no specific penalty, but in the event of a data breach can result in the company not using the EMV chip cards to be responsible for the costs of fraudulent use of stolen card information.  It should also be noted that although October 1, 2015 was the deadline for retailers to switch to EMV smart card processing for credit cards and debit cards to avoid liability in the event of a data breach, the deadline for ATMs and gas station pumps to switch to the EMV smart cards is not until October 1, 2017.


As consumers the best thing we can do is to use your EMV chip card whenever possible.  Stores such as WallMart and Target have switched to the new cards.  If you have not yet received a new EMV chip card from your credit card company, contact them and get one as soon as possible.  It still is a good idea to not use your debit card for retail purchases because the protection from liability that you get regarding fraudulent use of a debit card is not as strong as the liability protection you get when using a credit card. Further, even if you report fraudulent use of your debit card immediately to your bank, your bank account to which the card is tied will be frozen and inaccessible to you while the bank investigates the matter.

If you were a customer of Wendy’s during the last year, it is a good idea to carefully monitor the charges on your credit card for indications of fraudulent use.