GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

PCI: The 'little engine that could' gains steam


Industry Update

Eureka! HMS has conference hosting down

Visa muscles to squelch risk

Interchange under attack

Visa identifies apps storing sensitive data

Restaurants most vulnerable to data breaches


Mind on the ATM money

Tracy Kitten

Industry Leader

Kim Fitzsimmons –


Payments: A very large space

Patti Murphy
The Takoma Group


Street SmartsSM:
To certify or not to certify: That is the MLS question

Dee Karawadra
Impact PaySystem

What if my ISO tanks?

Adam Atlas
Attorney at Law

Ten myths muddling PCI mastery

Ross Federgreen

Statement analysis for cave men

Jason Felts
Advanced Merchant Services Inc.

Getting wise to wireless security

Joel and Rachael Rydbeck
Nubrek Inc.

Help desk quality check

Biff Matthews
CardWare International

Company Profile

WAY Systems Inc.

Premier Payment Systems

New Products

No-brainer protection on smart cards

Smart Card Guard
National Envelope Corp.

Fort Knox for merchant data

3Delta Systems Inc.

A new Vu of IP device management

NetVu version 2.3
Precidia Technologies Inc.


What about you?



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

May 29, 2007  •  Issue 07:05:02

previous next

Restaurants most vulnerable to data breaches

The majority of cardholder data compromises occur at restaurants and retail locations, according to AmbironTrustWave.

The company, which provides information security and compliance management solutions, investigated nearly 220 of such incidences over the last two years. Its findings revealed the systems and card-acceptance environments most vulnerable to hacking.

Of the brick-and-mortar merchants whose systems were invaded, 95% were using payment applications that stored track data.

Storage of that data is a violation of Visa U.S.A's Payment Application Best Practices (PABP) and the Payment Card Industry (PCI) Data Security Standard.

AmbironTrustWave has found that three main deficiencies at restaurants often lead to data security breaches:

  1. Cardholder data is stored on an Internet-connected server. (The company considers all systems connected to the Internet high risk. Most compromise cases - 52% - involved DSL or cable modems; 31% had T1 lines and 17% used dial-up connections.)
  2. Vendor-supplied defaults are used for system passwords.
  3. POS systems and terminals do not follow the PABP guidelines.
AmbironTrustWave offers a white paper covering data card security issues and best practices for the restaurant industry. For more information, visit
ISOMetrics: Restaurants most vulnerable to data breaches
To see a hi-res pdf of the ISOMetrics page click here: ISOMetrics page

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios