PCI questioned after another data breach compromises debit and credit cardholders
August 9, 2009
CU Info Security reports that a recent data breach at domain registrar and Web host Network Solutions compromised more than 573,000 credit and debit cardholders. The incident also raises new questions about the Payment Card Industry Data Security Standard (PCI DSS), since Network Solutions had been certified PCI-compliant before the breach was uncovered in June. Hackers planted rogue code on the company's Web servers, intercepting payment transactions between the merchant sites it hosted and those merchants' online-store customers.
Paul Kocher, a research scientist at Cryptography Research Institute, told CU Info Security that PCI attempts to distill security down into a static set of requirements, while adversaries are not restricted to such a rigidly defined set of methods:
"As a result, clever attackers will always find holes. PCI does provide some value by forcing merchants to put some effort into addressing the most common attacks, but the objective is to reduce total risk — not stop all attacks."
Kocher says the most effective anti-fraud step the U.S. card industry could take would be to adopt smart (EMV) chip cards.