GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

PCI: The 'little engine that could' gains steam

News

Industry Update

Eureka! HMS has conference hosting down

Visa muscles to squelch risk

Interchange under attack

Visa identifies apps storing sensitive data

ISOMetrics:
Restaurants most vulnerable to data breaches

Features

Mind on the ATM money

Tracy Kitten
ATMmarketplace.com

Industry Leader

Kim Fitzsimmons –

Views

Payments: A very large space

Patti Murphy
The Takoma Group

Education

Street SmartsSM:
To certify or not to certify: That is the MLS question

Dee Karawadra
Impact PaySystem

What if my ISO tanks?

Adam Atlas
Attorney at Law

Ten myths muddling PCI mastery

Ross Federgreen
CSRSI

Statement analysis for cave men

Jason Felts
Advanced Merchant Services Inc.

Getting wise to wireless security

Joel and Rachael Rydbeck
Nubrek Inc.

Help desk quality check

Biff Matthews
CardWare International

Company Profile

WAY Systems Inc.

Premier Payment Systems

New Products

No-brainer protection on smart cards

Smart Card Guard
National Envelope Corp.

Fort Knox for merchant data

CardVault
3Delta Systems Inc.

A new Vu of IP device management

NetVu version 2.3
Precidia Technologies Inc.

Inspiration

What about you?

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

May 29, 2007  •  Issue 07:05:02

previous next

Visa identifies apps storing sensitive data

Visa U.S.A. wants merchants and service providers to stop using payment applications that store sensitive cardholder data, a practice that makes them targets for data breaches. To get the word out, the card Association published a list of those applications, as well as upgrades for preventing data retention.

In April, Visa identified applications from six vendors needing attention: ICVerify Inc., Menusoft Systems Corp., Micros Systems Inc., Posera Software, Radiant Systems Inc. and Southern DataComm Inc.

The products are considered risky because they store prohibited cardholder data - such as full magnetic stripe (tracks 1 and 2), CVV2 (card verification value) and PIN data - after a transaction authorization occurs.

Visa said unscrupulous hackers will seek out such systems and exploit vulnerabilities to access the data.

Noncompliant payment applications are "an unacceptable risk to ... the entire payment system," Visa stated. "When driving merchants toward payment applications, agents should ensure the application has been validated against Visa's PABP [Payment Application Best Practices]."

The PABP, released in 2005, is a set of requirements for developing secure products that support compliance with the Payment Card Industry Data Security Standard and do not store prohibited data.

Visa advised merchants and service providers using any of the applications listed to install a vendor-supplied patch or to upgrade to a Visa-approved application (a list is posted at www.visa.com/cisp).

The card Association also warned that merchants should wipe "from all systems immediately" any stored full track data.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Electronic Merchant Systems | Board Studios