List: isn
Subject: [ISN] Ram Scraper Malware: Why PCI DSS Can't Fix Retail
From: InfoSec News <alerts () infosecnews ! org>
Date: 2014-07-24 9:28:49
Message-ID: alpine.DEB.2.02.1407240928390.23327 () infosecnews ! org

http://www.darkreading.com/attacks-breaches/ram-scraper-malware-why-pci-dss-cant-fix-retail/a/d-id/1297501

By Brian Riley
Dark Reading
7/23/2014

There is a gaping hole in the pre-eminent industry security standard aimed
at protecting customers, credit card and personal data

Target, Neiman Marcus, Michael's, and possibly P.F. Chang's all have one
thing in common: They are recent victims of a type of malware called a RAM
scraper that infects point of sale (POS) terminals. These data breaches
occurred despite some, if not all, of these merchants complying with
industry security standards.

In Target's case, government analysts estimate the total financial impact
could reach as high as $12.2 billion. And the fallout continues. Target's
CEO Gregg Steinhafel set a new precedent, marking the first time that the
head of a major corporation resigned due to a data breach. Merchants
clearly must go beyond merely complying with industry security standards
to reduce their risk, especially in relation to POS terminal malware.

Why PCI DSS does not apply

As you undoubtedly know, point of sale (POS) terminals are computers with
card readers. Most computers have permanent storage, such as hard drives
or flash memory, and temporary storage, such as random access memory
(RAM). The security standard that dictates how payment card data is
protected is called the Payment Card Industry Data Security Standard (PCI
DSS). It requires merchants to encrypt credit card data residing on
permanent storage or traversing its publicly accessible networks, but not
while being processed in RAM.

[...]