If you haven’t heard about it yet, let me introduce you to the encryption flaw Heartbleed, the largest vulnerability the internet has ever seen. It’s that big (big enough that Canada has temporarily shut down its government sites), and it’s here to make all of our lives difficult. If you’re like me, you probably have dozens of passwords for dozens of sites that all hold a varying degree of personal information. I personally spent the past five hours changing passwords. Bank accounts, airlines, hotels, social media sites, my dog walker: they all have my personal information. About 66% of the internet was vulnerable to Heartbleed, so chances are most of the sites that hold my information were vulnerable too. Pretty much everyone was vulnerable, including but not limited to Google, YouTube, Facebook, and Instagram. The bug affects web servers running Apache and Nginx software. Potentially, the bug could expose otherwise “secure” information like passwords, credit card numbers, etc., that users enter into websites, applications, web email and even instant messages.
As with many aspects of the Internet, conducting business is a continuous series of determining what works best and what does not. Following the unveiling of electronic payment technology, an enormous surge of identity theft cases emerged. Given that the card issuers had the best view of these issues, they inherited the responsibility to secure the identities of those customers.
What is PCI DSS Security?
PCI DSS stands for Payment Card Industry Data Security Standard. It is the collection of standards that merchants who accept credit cards must adhere to in order to ensure that the private information contained on the cards remains private. The current version of the standard is 3.0. All companies that are still adhering to the 2.0 standard must switch to 3.0 by December 31, 2014.
What is Included in the PCI DSS Security System?
There are several categories of guidelines that govern how secure each part of the card acceptance system needs to be. The first category concerns building and maintaining a secure network that can accept cards without divulging private financial information to those with nefarious purposes. To meet these requirements, a retailer needs to install a strong firewall to keep out intruders and change every password from the default supplied by the vendor.
Website and domain security is a critical aspect for everyone to understand. Many assume that security protocols are reactive rather than proactive. This is far from the truth. A strong and secure system is proactive and allows for detection of any wrongdoing that could cost a company money as well as its reputation.
Listed below are different levels of security that must function cohesively to provide the most in information security:
In the most general terms, the user is the person accessing the website, program, or application. The user presents credentials, which are then checked; if those credentials fail the check or are found to be false, access is denied.
On the surface level, the authenticator is the initial login interface that grants access to the website. The method of authentication should be reviewed and changed frequently, as it is the first line of defense against hacking. It works with a small piece of data, often called a token, that is included with the login credentials. Authentication can come in two forms. If the token is in a physical form, it is usually carried by an external means such as a barcode, magnetic stripe, or biometrics. The token is then carried throughout the session and represents the identity of the user who logged in.
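The flow described above (credentials checked at the authenticator, a token issued on success and carried through the session, access denied when the token fails to verify) can be shown concretely. The following is an added example, not code from the original post: it keeps a constructed user store with a PBKDF2-hashed password, issues an HMAC-signed, expiring token on a successful login, and verifies that token on every later access. The signing key, usernames, password and timestamps are all hypothetical sample values.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Server-side signing key for session tokens. Generated fresh for this example;
# a real deployment keeps it in a secrets store and rotates it.
SIGNING_KEY = secrets.token_bytes(32)
MAC_LEN = 32  # bytes of HMAC-SHA256 appended to each token


def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so stolen records cannot be cracked cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user store: username -> (salt, password hash). Sample data only.
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}


def check_credentials(username: str, password: str) -> bool:
    """Return True only if the username exists and the password matches."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown user takes as long as a wrong password.
        _hash_password(password, b"\x00" * 16)
        return False
    salt, stored = record
    return hmac.compare_digest(_hash_password(password, salt), stored)


def issue_token(username: str, ttl_seconds: int = 900, now: Optional[float] = None) -> str:
    """Build 'username|expiry' and append an HMAC over it; base64 the result."""
    now = time.time() if now is None else now
    payload = f"{username}|{int(now) + ttl_seconds}".encode()
    mac = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + mac).decode()


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the username the token proves, or None if it is invalid or expired."""
    now = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    if len(raw) <= MAC_LEN:
        return None
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    # Constant-time comparison; any tampering with payload or MAC fails here.
    if not hmac.compare_digest(mac, expected):
        return None
    try:
        username, _, expiry = payload.decode().rpartition("|")
    except UnicodeDecodeError:
        return None
    if not expiry.isdigit() or int(expiry) < now:
        return None
    return username


def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """The authenticator: credentials in, token out (or None on failure)."""
    if not check_credentials(username, password):
        return None
    return issue_token(username, now=now)


def access(token: str, now: Optional[float] = None) -> str:
    """A later request carrying the token: grant or deny based on verification."""
    user = verify_token(token, now=now)
    return f"access granted to {user}" if user else "access denied"


if __name__ == "__main__":
    tok = login("alice", "correct horse battery staple", now=1_000_000)
    print(access(tok, now=1_000_500))   # within the 15-minute lifetime
    print(access(tok, now=1_001_000))   # expired
    print(access(tok[:-4] + "AAAA", now=1_000_500))  # tampered
```

The token carries no secret of its own; its value comes entirely from the MAC, which only the server can produce. That is why the signing key, not the token format, is the thing to protect and rotate.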
As if it’s not horrible enough that Target, Neiman Marcus, and a number of other top American retailers have been hit hard by hackers in these past few months, Coca-Cola recently announced that it has suffered a security breach as well. The Coca-Cola security breach compromised 18,000 social security numbers. It’s estimated that nearly all 74,000 Coca-Cola employees were affected.
I saw an incredibly depressing tweet yesterday. A man quoted his eighty-year-old grandma saying, “I’ll sure be happy when it’s my time to die. The world is falling apart with all of this hacking and credit cards being stolen.” Seriously, America does seem to be in a sad place, so I hate to announce that even more stores have suffered POS system security issues this week. Apparently, the hot thing right now is to plant malware into point-of-sale terminals and steal credit card information as customers swipe their cards. Michaels, the favorite store of scrapbookers, artists, and crafty people in general, announced on Saturday that it is looking into a security breach. It has not confirmed whether there was a breach, but believes there is the possibility of one that might have affected customers’ credit card data. Full article: Michaels Stores Is Investigating Data Breach
The nation’s third-largest retailer was hit hard by hackers. Target first announced that the data of 40 million customers was stolen, but from more recent releases we’ve come to understand that the private information of 70 million was also taken, and to make matters worse Neiman Marcus has stepped forward and admitted that it was hacked as well.
Target’s security breach seems to grow by the minute. First, it was 40 million credit cards and debit cards. Then, they found that data of over 100 million customers was compromised. Now, they’ve discovered that other large retailers such as Neiman Marcus were hit. Target’s sales have dramatically dropped and customers are swearing to pay in cash from now on. Everyone wants answers: Merchants want to know what to do to prevent the same thing from happening to them and customers want to know how to shop safely and securely in the future.
Experts agree that things are going to get worse before they get better for merchants. Some claim that point-of-sale terminal hacking is at epidemic proportions.
The massive Target breach that took place over the holiday shopping season was apparently much larger than the corporation initially thought. The U.S. company issued a statement last Friday saying that hackers also made off with the personal information of at least 70 million customers, including names, mailing addresses, telephone numbers and email addresses. Previously, it believed hackers had stolen data from 40 million credit and debit cards. The company thinks the two sets of numbers are likely to overlap, but experts are unsure. This could put the number of customers affected over 100 million. Some customers who had not shopped in Target stores between November 27th and December 15th had their information stolen from a database. Millions of angry customers have taken to social media to express frustration with the corporation for what many perceive as lax security practices.
Trust Guard, a company that specializes in POS scanning, says that, emboldened by their recent success against Target, hackers will doggedly increase their efforts and continue their attempts to hijack POS terminals to steal client information. Trust Guard is urging merchants to increase their security with POS scans to stop hackers from getting into their systems in the first place.
PCI-compliant POS scanning is required by the credit card companies. A PCI scan checks terminals for thousands of vulnerabilities by scanning both web applications and networks remotely and non-intrusively, based on the IP address provided. Scans look for threats to operating systems, services and utilities used for financial or other sensitive transactions. A PCI-compliant scan is performed with an advanced scanning engine that generates a detailed report listing any server and network vulnerabilities. The merchant can then resolve the security risks, helping to protect their system from hackers and malware.
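The report a PCI scan produces is the part the merchant actually works from, so it helps to see what turning raw findings into a pass/fail report looks like. The following is an added example, not Trust Guard’s scanner or any vendor’s code: it parses a constructed set of scan findings (hosts in the documentation range 203.0.113.0/24, ports, service names and CVSS scores are all made-up sample data), rates each finding with the standard CVSS qualitative bands, and applies the PCI ASV rule that any finding with a CVSS base score of 4.0 or higher makes the scan non-compliant. The threshold and the band boundaries are taken from the PCI ASV Program Guide and the CVSS v3 specification respectively; the report format itself is this example’s own choice.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample scanner output, one finding per line:
# host,port,service,title,cvss_base_score
SAMPLE_SCAN = """\
203.0.113.10,443,https,TLS 1.0 enabled,4.3
203.0.113.10,22,ssh,Banner discloses version,2.6
203.0.113.11,3389,rdp,Remote desktop exposed to Internet,7.5
203.0.113.11,80,http,Missing HTTP security headers,0.0
203.0.113.12,8080,http,Default vendor password accepted,10.0
"""

# PCI ASV scans fail on any vulnerability scoring CVSS 4.0 or higher.
ASV_FAIL_THRESHOLD = 4.0


@dataclass
class Finding:
    host: str
    port: int
    service: str
    title: str
    cvss: float

    @property
    def severity(self) -> str:
        # CVSS v3 qualitative rating bands.
        if self.cvss >= 9.0:
            return "Critical"
        if self.cvss >= 7.0:
            return "High"
        if self.cvss >= 4.0:
            return "Medium"
        if self.cvss > 0.0:
            return "Low"
        return "Informational"

    @property
    def fails_asv(self) -> bool:
        return self.cvss >= ASV_FAIL_THRESHOLD


def parse_findings(text: str) -> List[Finding]:
    """Parse the comma-separated sample format into Finding objects."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, port, service, title, cvss = line.split(",", 4)
        findings.append(Finding(host, int(port), service, title, float(cvss)))
    return findings


def build_report(findings: List[Finding]) -> Dict:
    """Summarise compliance status and which hosts need remediation."""
    failing = [f for f in findings if f.fails_asv]
    by_host: Dict[str, List[Finding]] = {}
    for f in failing:
        by_host.setdefault(f.host, []).append(f)
    return {
        "compliant": not failing,
        "failing_count": len(failing),
        "hosts_failing": sorted(by_host),
        "worst": max(findings, key=lambda f: f.cvss).title if findings else None,
    }


def format_report(findings: List[Finding]) -> str:
    """Human-readable report, worst finding first, with the overall verdict."""
    lines = []
    for f in sorted(findings, key=lambda f: -f.cvss):
        flag = "FAIL" if f.fails_asv else "pass"
        lines.append(f"{flag} {f.severity:<13} {f.cvss:>4.1f} "
                     f"{f.host}:{f.port} ({f.service}) {f.title}")
    summary = build_report(findings)
    verdict = "COMPLIANT" if summary["compliant"] else "NON-COMPLIANT"
    lines.append(f"Result: {verdict} ({summary['failing_count']} finding(s) "
                 f"at or above CVSS {ASV_FAIL_THRESHOLD})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(parse_findings(SAMPLE_SCAN)))
```

Sorting by score first puts the item that must be fixed before the next scan at the top of the list; the low and informational findings are still listed so they are not forgotten, but they do not by themselves block a passing scan.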
“Small stores are particularly susceptible because they often lack the security that larger corporations have in place, though Target is a prime example that size doesn’t matter. This is why merchants need PCI-compliant POS scanning. It’s so cheap and effective there is no excuse to not have it. Hackers will always work hard to find new ways to get into a system, either through a vulnerability online or through point-of-sale terminals. Cleanup is a disaster for everyone involved; it’s a lot easier to prevent a hack than to fix the aftermath of one,” said Dave Brandley, co-founder, Trust Guard.
The Target breach has resulted in a huge drop in sales for the nation’s third-largest retailer. “Unfortunately this isn’t going to be the last time. You owe it to yourself and your clients to get all of your card terminals scanned on a regular basis, starting today,” said Brandley.