CardSystems breach renews focus on data security

The massive scope of the security breach at CardSystems Solutions is sure to result in an increased focus on upcoming data-protection requirements being pushed by MasterCard International and Visa U.S.A., analysts said Monday.

The standard is called the Payment Card Industry Data Security Standard, or PCI, and it goes into effect on June 30.

It lists 12 items that all retailers, online merchants, data processors and other businesses that handle credit card data will have to meet, and it sets technology mandates, including requirements that data encryption, end-user access control and activity monitoring and logging systems be used. PCI also includes procedural mandates, such as one requiring the implementation of formal security policies and vulnerability management programs.

Late Friday, MasterCard announced that a hacker was able to access as many as 40 million credit card numbers by infiltrating CardSystems Solutions' network. The company processes payment data for MasterCard and other companies. MasterCard said it had notified banks that issue its credit cards about the breach. Those banks will be responsible for notifying customers..

The size of the breach is bound to result in a tougher enforcement of the new rules, said Michael Petitti, a senior vice president at Ambiron Trustwave, a Chicago-based provider of security services for the credit card industry. "The PCI standard is germane to every entity that handles cardholder information, regardless of where they are in the value chain," Petitti said.

Achieving and maintaining compliance with the rules -- which are already in effect for large companies -- will become an absolute must, Petitti said.

"The card associations are very serious about this and have been very good about communicating their requirements," he said. "You are sure to see more attention because of incidents like these."

"This is likely to be a seminal event," said Ted Julian, vice president of product management at Application Security Inc. in New York. "With PCI, I think we will see an emphasis that goes beyond fines," he said. "Over time, we will start to see credit card associations get more tough about how they implement these things."

Avivah Litan, an analyst at Gartner, said the high publicity given to recent data breaches has been spurred in part by California's disclosure law. That law mandates the reporting of data breaches so customers can better protect and defend themselves against their personal information being stolen.

"I think the thing that's going on is the credit card industry has been asleep at the wheel here and is not enforcing their own standards," Litan said. PCI includes strong requirements for network intrusion detection, regularly scheduled testing, file integrity monitoring systems and more, she said.

Dan Keldsen, a security analyst at Delphi Group, said the latest incident could finally force a shift in corporate attitudes and bring about real changes in data security methods.

"There's an awful lot of pantless corporations out there" after a recent string of data breach incidents involving Bank of America, ChoicePoint, the University of California at Berkeley and others, Keldsen said. "I guess it's going to get worse before it gets better, because there's really no hiding it anymore."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Todd R. Weiss

Computerworld
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?