In a move that seems to reflect a very different PCI approach coming from Visa, the world's largest card brand has ripped the PCI approval from two Ingenico PIN entry devices (PEDs) after a data breach. What makes this move especially interesting is how it undercuts two strongly held Visa positions, both in terms of publishing the names of vendors whose products are engaged in PCI naughtiness and in its position that no PCI-compliant retailer has ever been breached.
Behind all of this commotion are an increasing number of physical attacks against PEDs, sort of "cloners gone wild." Many of the compromised units are older (a Visa memo said "many are more than 10 years old and were never evaluated by an independent lab or approved by Visa or PCI"), but some were in a Visa pre-PCI phase and some—and here's where things get interesting—had actually been PCI approved. Read more.
