Tuesday, December 9, 2008

Parsing Data in Transit - Trustwave Warning

Trustwave announces the release of its updated forensics white paper, which examines 443 cases of cardholder data compromise investigated by Trustwave since 2001.  In the seven years Trustwave has been conducting credit card compromise investigations, it’s found businesses have made progress in protecting cardholder data, due to the very prescriptive and holistic Payment Card Industry Data Security Standard (PCI DSS). While fewer and fewer compromise investigations by Trustwave find the storage of cardholder data, theft of credit card data continues to make headlines every week.

This white paper outlines a new technique –parsing data in transit— that Trustwave has found during its investigations of credit card compromise. 

What’s most unsettling about this trend is that a merchant can use a payment application or Point-of-Sale (POS) terminal that is compliant with the Payment Application Data Security Standard (PA-DSS) or Visa’s Payment Application Best Practice (PABP) but if they are not 100% compliant with the PCI DSS, they can still fall victim to this technique.

Additionally, Trustwave has found that smaller merchants continue to make up the largest group of merchants that get compromised. Most of these smaller merchants don’t have an in-house IT staff and therefore rely on third parties to make sure they’re compliant. These third parties often don’t have skilled security experts that can confidently and accurately secure a merchant environment to be in compliance with the PCI DSS. While these smaller merchants don’t make the media headlines, they compromise nearly 99% of all global merchants.

For more information about the white paper, go to https://www.trustwave.com/whitePapers.php .

Source: Company press release.



Reblog this post [with Zemanta]

Disqus for ePayment News