Staples, Inc. (NASDAQ:SPLS) has developed a new mobile App for the iPhone 6 and iPhone 6 Plus that will allow its customers to use Apple Pay in conjunction with Touch ID, which makes payments on its new app possible without having to reveal credit card information or sign for their purchases.
“We’re excited about the capabilities that Apple Pay offers our customers,” said Faisal Masud, executive vice president of global e-commerce, Staples, Inc. (NASDAQ:SPLS) “Innovations like these will help customers quickly find and pay for the products they need to make more happen. Apple Pay is the key feature of our updated iPhone app, and is another example of how we’re making it easier for consumers and small businesses to shop and check-out whenever and however they want.”
However exciting that announcement may have been to make, just hours later Staples said that it was investigating a data breach that may have seen customers’ credit card data compromised in a number of stores in the Northeast.
While Target Corporation (NYSE:TGT), The Home Depot, Inc. (NYSE:HD) and others have seen massive data breaches in the last year, it’s believed that Staples’ breach is quite limited given their roughly 1,800 stores nationwide. The investigation is a result of a number of banks contacting the retailer with regards to observed fraud patterns.
Staples’ limited data breach
Brian Krebs first spoke to the issue and suggested that it is most likely a matter of data-stealing malware being installed on cash registers in “seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.”
A short statement was made later in the day confirming Mr. Krebs admission. “Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement,” said Staples Senior Public Relations Manager Mark Cautela. “We take the protection of customer information very seriously, and are working to resolve the situation. If Staples, Inc. (NASDAQ:SPLS) discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.”
Presently, the fraud burden falls on banks but by this time next year, retailers will need to be able to accept EMV cards, largely used around the world, or have the fraud burden fall to them to reimburse customers in the event of a breach.