Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A recent processor breach that was reported by Visa will not reach the scale of the Heartland compromise.
Analysts at iDefense advised that the unidentified payment processor had fallen victim to malicious actors, as publicly confirmed by Visa last week, with MasterCard issuers also purportedly affected by this intrusion.
Rick Howard, director of intelligence at iDefense, claimed that according to web sources, transactions between February and August of 2008 are affected by this incident.
He claimed that the compromised data is believed to only include account numbers and expiration dates, rather than magnetic track data, meaning that the perpetrators will be unable to create counterfeit cards using the stolen credentials, though this does not necessarily indicate that a criminal market will not be generated for this data.
The Alabama Credit Union has reported that fraudulent transactions involving Visa debit and ATM cards compromised in this intrusion have already begun to take place. Transactions typically involve the purchasing of prepaid gift and phone cards, and/or money orders from retail outlets, most often occurring in $100 increments.
Details remain scarce at the present time; however, the Tuscaloosa AV Federal Credit Union, Pennsylvania Credit Union Association, and Community Bankers' Association of Illinois have all issued statements regarding the intrusion.
Richard Brain, analyst at ProCheckUp believes the recent growth in payment processors is due to an unintended consequence of the PCI DSS.
He claimed that this has caused many merchants to outsource their payment processing to payment processors in order to greatly simplify their PCI DSS compliance.
Brain said: "For card criminals, the payment processors are now the obvious targets mainly due to the extreme amount of card data flowing through them, at least additional strict security requirements should be applied to payment processors.
"Two of the recent breaches are reportedly caused by malicious software installed on the network, which captured card data. This can be prevented for now, by requiring all card data within payment processors internal network to be strongly encrypted."
He claimed that it could be best for the PCI council to create a standard secure network architecture, which has been evaluated and found secure for implementation by payment processors. Additional requirements for payment processors, above those normally expected for merchants, could also be created to add further protection.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.