Cyber Security Institute

Friday, August 04, 2006

Visa Takes Aim at Data Compromises

The card company has asked merchants to ensure that the software they use to process card transactions doesn’t store the full contents of “track data”, which contains passwords and other sensitive information.  Last year, a breach at CardSystems, a processor of card transactions, led to the exposure of 40 million payment records, setting off a firestorm that’s led to a crackdown on data security vulnerabilities by regulators and lawmakers.  Account numbers, expiration dates, and names are the only elements of track data that may be retained once a transaction has been authorized.  In addition, Visa requires compliance with the Payment Card Industry Data Security Standard (PCI DSS) by all merchants and any entity that stores, transmits or processes cardholder data.  Visa has a set of Payment Application Best Practices (PABP), which assists software vendors in creating secure payment applications, thereby helping to protect their customers from being exposed to a security breach.

As part of its campaign, Visa has alerted small to midsize restaurants to a security vulnerability due to improperly installed credit card transaction systems, known as point of sale or POS systems.

Visa says that misconfigured POS systems can contribute to the compromise of cardholder account information and other sensitive data.

Posted on 08/04