Natural Grocers is the latest US retailer to announce that is investigating a possible data breach involving customer payment cards.

The seller of natural and organic food, which has 93 stores in 15 US states, said it is investigating a possible data breach involving an “unauthorised intrusion targeting limited customer payment data”.

The company claims it has received no reports of any fraudulent use of payment cards from any customer, credit card company or financial institution.

However, sources in the financial industry have traced a pattern of fraud on customer credit and debit cards suggesting hackers have tapped into point of sales (POS) systems at Natural Grocers locations across the country, according to US investigative reporter Brian Krebs.

He wrote in an article on KrebsOnSecurity that Colorado-based Natural Grocers by Vitamin Cottage had hired a third-party data forensics firm, and law enforcement agencies were investigating the matter.

The company said there was no evidence card verification codes were accessed, and no personally identifiable information was involved.

Point of sale systems breached The attackers are believed to have breached Natural Grocers in late December 2014 by exploiting weaknesses in the company’s database servers and then installed malware to steal card data on the company’s point of sale (POS) systems, said Krebs, citing a source with inside knowledge of the breach. Natural Grocers said it had accelerated plans to upgrade the POS system in all its stores with a new PCI-compliant system that provides point-to-point encryption The POS system features card readers that with accept the more secure payment cards based on the Europay, MasterCard and Visa (EMV) standard being rolled out across the US to help reduce card fraud in the same way it has done in Europe. EMV is a global standard for the inter-operation of integrated circuit cards, known as chip and PIN in the UK. While EMV is not hack-proof, it provides more security than the magnetic stripe-based system, with a unique identifier for each transaction and user verification through a PIN code. In October 2014, US president Barack Obama signed an executive order to speed up the adoption of EMV cards in the US, where most merchants have continued to rely on the less secure magnetic stripe cards. The executive order directs the federal government to lead by example in securing transactions and sensitive data. With more than 100 million US citizens falling victim to data breaches in 2014, and millions suffering from credit card fraud and identity crimes, there is a need to move to stronger, more secure technologies that better secure transactions and safeguard sensitive data, the White House said in a statement.