Tag Archives: breach

Swing and a Miss: Target and the Council Respond

I happened upon the Council’s news page today and saw a couple of great attention-grabbing headlines entitled “Time for Smartcards” and “PCI Council Responds to Critics.” I found both of these interesting given the landscape of breaches we have seen over the last couple of months, but I found that both missed key points in their communication. Let’s start with the Council’s response. First, we should be clear. What Russo is saying is absolutely accurate. The majority of breaches that happen, including the Target one, happen due to basic security failures that are already covered in the standard. Go take a look at requirements 8.3 and 8.5.6.b, which directly address the latest disclosures surrounding the event. I also agree ...


What the Leaked Target PIN Data Actually Means for You

Before you read this, consider checking out my first post on the Target breach. Payment systems are complex. If you have ever assessed one or looked under the curtains going all the way back to the issuer, you know this. So it is not a surprise that there is a ton of misinformation flying around about the PIN data that Target admitted was taken. Before we get too far down the road here, I want to review a few items to make sure we’re all on the same page. First, let’s talk about track data. The type of data in the magstripe on the back of your card is sensitive, which is why PCI Requirement 3.2 forbids storing it. I’ve ...


Where’s the Breach?

All we need to top off this post is a little old lady screaming “Where’s the Breach?” God bless ’80s marketing. A merchant out of Austin, Texas is claiming that a breach in their network came from Heartland Payment Systems (HPS), thus it must be their fault. While I am sure this is not the first merchant to be caught off guard, he’s certainly a creative one. Our culture in America seems to relish deflecting blame from oneself onto others. Why, it couldn’t be me, it must be that guy over there. What’s interesting about this particular case is that the quotes in the article are being interpreted in a manner that is inconsistent with these kinds of breaches ...

