Wednesday, March 19, 2008

Insecure Branch Servers Suspect in Hannaford Breach

Robert Vamosi writes on the C|Net "D3F3NS3 1N D3PTH" Blog:

Details remain sketchy regarding Monday's announcement of 4.2 million credit and debit cards exposed at a Maine-based supermarket chain. However, public comments made by Ronald Hodge, CEO of Hannaford Supermarkets, suggest that even with recent improvements in payment card transaction security, there may be holes.

The standards organization, PCI Security Standards International, was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. In October 2007, they implemented the PCI Data Security Standard (PCI DSS), which includes, among other things, network specifications. Dr. Neal Krawetz of Hacker Factor Solutions said that PCI DSS allows for the storage of card numbers and expiration dates on a branch server. And that's what may have been compromised in this case.

More here.
