SecurityRatty: tag: cardholder

Finished? Where should I start?

2008-07-01 00:00:00 by Brad Davenport in Speaking of Security, the RSA Blog and Podcast

...cardholder data and infrastructure. Simply put, you can't secure what you don't manage and you can't manage what you don't know about. Before you go looking for all instances of cardholder data, you must be prepared to find more than expected Most merchants are aware of the cardholder data in their database(s). But what about payment...

Tags: data, cardholder data, credit card information, customer service reps, pci compliance, payment applications, absolutely critical, temporarily store, payment portals

Links for 2008-01-30 [del.icio.us]

2008-01-31 00:00:00 by Editor in Anton Chuvakin Blog -

...cardholder data. PCI is not meant to bake you bread or do anything other than protect cardholder data

Tags: enter encryption passphrase, encryption passphrase, security, security paradigm, protect cardholder data, data, webapplication security, passphrase, pci

Got Sopranos? Yet another thing I did not know as much about

2007-11-26 20:55:00 by Manu Namboodiri in Data Protection, Management and Leakage

...cardholder data a target in this illegal and very organized crime business. For companies handling cardholder data, being fully PCI compliant in spirit and letter is the best way to foil this There still will be breaches, but lets at least make the risk/reward and amount of work/reward ratios skewed enough to make it not worth their while

Tags: cardholder data, crime business, crime, card swipe data, recent trip, visa gold, breaches, nefarious goals, arms dealers

Chip & PIN terminals vulnerable to simple attacks

2008-02-26 20:33:32 by Saar Drimer in Light Blue Touchpaper

...cardholder data. Our paper will be published at the IEEE Symposium on Security and Privacy in May, though an extended version is available as a technical report . A segment about this work will appear on BBC Twos Newsnight at 22:30 tonight We were able to demonstrate that two of the most popular PEDs in the UK the Ingenico i3300 and Dione...

Intrusion at Okemo Mountain Resort exposes customers

2008-04-01 20:44:59 by Evan Francen in The Breach Blog

...cardholder names, account numbers and expiration dates Breach Description Okemo Mountain Resort said Monday that hackers broke into its computer network and potentially gained access to credit card data from 28,168 transactions between Feb. 7 and Feb. 22 and 18,401 credit cards between January and March 2006 Reference URL Okemo Mountain...

Tags: okemo, okemo mountain resort, okemo leadership, okemo ridge road, evan okemo, okemo promptly, evan, data, credit data

Do you trust the merchants to protect your credit cards?

2007-12-11 09:01:26 by Khalid Kark in Security & Risk Management

...cardholder data at risk; i.e., transferring card numbers on invoices, writing purchase orders, copying credit card numbers on slips of paper, etc. Merchants will continue to come across sensitive data and will continue to do things that will put the data at risk for convenience, record keeping, and marketing. PCI has its shortcomings, but one...

Tags: card industry, card, payment card industry, credit card, merchants, credit card companies, provide merchants, merchants change, security

KimsCrafts e-commerce breach affects 4,500

2007-12-14 16:08:39 by Evan Francen in The Breach Blog

...cardholder's information and complying with the security standards put forth by the credit card association, KimsCrafts will also launch a new e-commerce in the future, with security as the chief concern If fraudlent charges appear on your credit card, you should also file a police report with your local law enforcement agency. You should...

Tags: kimscrafts, breach, e-commerce, credit file, credit, credit card data, kimscrafts e-commerce site, data, data security firm

S&K Menswear two-phased attack

2008-01-03 10:40:36 by Evan Francen in The Breach Blog

...cardholder name, and expiration date were already obtained in the first phase. This spear phishing attack now aims to get the CVV2 code, which makes this much more valuable to the attacker. I am curious about how many people actually fell for this second phase Once notified, S&K immediately assembled a response team to assess the...

Tags: information, personal information, information security practices, notification, information security, breach notification letter, sample customer letter, credit card, credit card data

Got advertisement? Maybe you should shout your PCI compliance from the rooftops!

2007-11-30 14:57:00 by Manu Namboodiri in Data Protection, Management and Leakage

...cardholder data. They are not here for the glory and peer recognition from other hackers, by breaking into a trophy account. In fact, if you advertise the fact you are PCI compliant, I think it will deter them from attacking you - you dont store swipe or card data anywhere (or the data is encrypted). Why should they even bother when there are...

Tags: data, card data, data safe, customer data, pci compliance, pci compliant, consumers care, consumers, cardholder data

PCI compliance are you just checking the box?

2007-11-14 22:05:00 by Patrick McGregor in Data Protection, Management and Leakage

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo