April 01, 2012

Clues from the Global Payments Breach

Another mega breach headlines last week.  Though no one can say yet what happened, as usual the press statements offer some possibilities.

What is the most important clue?  Visa and Mastercard claim (in their warning to banks) that the full Track data from the card was obtained. This is an interesting piece of information as Track data is not available for web based transactions.  In fact, Track data is only available when the credit card is swiped. It means that the source of the data is point-of-sale devices rather than Internet transactions.  

What about PCI compliance?  Track data storage is forbidden according to PCI-DSS. So either Global Payments are not in compliance with PCI-DSS or the attackers were able to sniff transactions over a network.


Authors & Topics:

Share on LinkedIn


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.