Cyber criminals are taking aim at smaller merchants who are less likely to be compliant with PCI standards, according to a recent Verizon Business report by Jen Mack, a former member of the PCI Security Standards Council. The report found that the most common attack methods are malware and hacking, SQL injections, and exploitation of default or guessable credentials. Most data breaches happen because merchants fail to make sure that security mechanisms are properly deployed.
Mack says Level 3 and Level 4 retailers are being targeted by cyberthieves looking to steal credit card data, and that these retailers require more education on PCI compliance because they constitute the largest retailer segment. The council’s plans for further education and a compliance push include a microsite for Level 3 and Level 4 merchants, which will be rolled out at the same time the final draft of the new PCI standard is issued at the end of October. Mack says merchants must make it a priority to engage with their bank about PCI compliance.
Fully compliant organizations follow a number of best practices, including building security into business processes from the outset, keeping compliance and security aligned, incorporating PCI activities into daily business operations, and keeping data under close control.
From “PCI: Smaller Merchants Threatened”
BankInfoSecurity.com (10/19/10) McGlasson, Linda
Link to the full article on BankInfoSecurity’s site http://www.bankinfosecurity.com/articles.php?art_id=3019