The Green Sheet Online Edition
May 29, 2007 • Issue 07:05:02
Restaurants most vulnerable to data breaches
The majority of cardholder data compromises occur at restaurants and retail locations, according to AmbironTrustWave.
The company, which provides information security and compliance management solutions, investigated nearly 220 such incidents over the last two years. Its findings revealed the systems and card-acceptance environments most vulnerable to hacking.
Of the brick-and-mortar merchants whose systems were invaded, 95% were using payment applications that stored track data.
Storage of that data is a violation of Visa U.S.A.'s Payment Application Best Practices (PABP) and the Payment Card Industry (PCI) Data Security Standard.
AmbironTrustWave has found that three main deficiencies at restaurants often lead to data security breaches:
- Cardholder data is stored on an Internet-connected server. (The company considers all systems connected to the Internet high risk. Most compromise cases - 52% - involved DSL or cable modems; 31% had T1 lines and 17% used dial-up connections.)
- Vendor-supplied defaults are used for system passwords.
- POS systems and terminals do not follow the PABP guidelines.
AmbironTrustWave offers a white paper covering data card security issues and best practices for the restaurant industry. For more information, visit http://www.atwcorp.com.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.