| |
|
|
by Kristyan Mjolsnes @ http://www.secureconnect.com . August 10, 2010 . 5:10PM
Contrary to popular belief, it really isn’t enough to become secure. If you are serious about maintaining your business for the long run, you will have to maintain security — something that is completely different. Maintaining security can get complicated in a world where new security threats are on the horizon all the time, but it’s something that can get easier if you have the right tools.
If you’re serious about securing the important assets of your business, you will need to first start by using a vulnerability assessment to spot critical holes in your infrastructure. From there, you will be able to see exactly what is insecure at the moment, and then fix those problems.
Naturally, you can also take a different approach with a vulnerability assessment by contracting an outside company to not just run the vulnerability assessment for you, but also to generate an action plan based on the report generated from the assessment. This is a great way to delegate your security tasks without worrying about having an insecure system.
No matter what path you ultimately choose, you will need to get started today by getting the vulnerability assessment and seeing if there are any critical holes in your infrastructure. Contact us today!
Filed under: Data Security, Internet Security, PCI Compliance, PCI DSS, PCI SSC, Payment Processing | Tags: Identity theft prevention, information security, Information security practices, Internet Security, Network Security, Outsourcing PCI compliance services, Payment Card Industry, payment cards, Payment Processing, PCI, PCI and QSR, PCI Compliance, PCI DSS, PCI Education, PCI requirements, PCI SSC, SecureConnect, Security and compliance, Security best practices, Security Breaches
by Blake Huebner @ . August 6, 2010 . 11:13AM
A Starbucks employee in Jakarta recently took it upon himself to stock up on iPods purchased with the credit card numbers of customers. According to police sources in Jakarta, the suspect, reprinted daily receipts that included the credit card verification value.
While the fraudster will be prosecuted and serve time, the Starbucks franchise was storing credit card verification codes (presumably after authorization), which is one of the biggest “no nos” in the Payment Card Industry Data Security Standard. The storage of the card verification code is prohibited, along with track data and PIN/PIN block. The franchise should and will be held accountable for storing the information post authorization.
Franchise owners must know what data their point-of-sale system has; it is tough to safeguard or put security and operational measures in place if you are unaware of the data. If you are a franchise owner, take the initiative and do discovery on what data you have. If you are unaware of how to do this, contact your point-of-sale vendor for discovery assistance within the POS or terminal.
Security consultants can also be of assistance and search for data beyond the POS system.
I’ll take a grande latte with that 64GB iPod touch.
Contact us today!
Filed under: Data Security, Internet Security, PCI Compliance, PCI DSS, PCI SSC, Payment Processing | Tags: credit card processing, credit card skimming, credit card verification information, data breach, internal security breach, Internet Security, Network Security, PCI, PCI and Coffee, PCI and Restaurant, PCI Compliance, PCI DSS, PCI SSC, Security best practices, security breach, Starbucks breach, storing credit card information
by Kristyan Mjolsnes @ http://www.secureconnect.com . August 2, 2010 . 12:05PM
Without solid compliance, the systems that a QSR-oriented business relies on to process payments and other tasks for customers could be at risk for a security breach. If a breach were to occur and it was found that the proper QSR PCI compliance principles weren’t being practiced, stiff fines and other consequences could result.
At this point, the goal is to effectively implement PCI compliance solutions for the unique network environment in your store. Security isn’t something that should be complicated, especially if you have many employees that will need to be educated and trained on proper security procedures.
The key is to practice smart delegating measures. If security is not your strong suit, it may be best to bring in a company that specializes specifically in helping companies manage their QSR PCI compliance needs in a way that just makes sense. The best way to move forward is to make sure that you get started right away — don’t delay! Contact SecureConnect today!
Filed under: Data Security, Internet Security, PCI Compliance, PCI DSS, PCI SSC, Payment Processing | Tags: Franchisee PCI Compliance, Identity theft prevention, information security, Information security practices, Internet Security, Network Security, Outsourcing PCI compliance services, Payment Card Industry, Payment Processing, PCI, PCI and QSR, PCI Compliance, PCI DSS, PCI Education, PCI requirements, PCI SSC, SecureConnect, Security and compliance, Security best practices
by Kristyan Mjolsnes @ http://www.secureconnect.com . July 30, 2010 . 10:22AM
Unveiling a new logo and completely redesigned website earlier this week, SecureConnect has revitalized its brand to reflect differentiation and leadership in the industry. Specializing in PCI compliance and security solutions, the company has more strongly positioned itself through strategic rebranding that includes renewed design and delivery of communication. Focusing on security as the fundamental source of proper compliance, SecureConnect revisited its tagline, determining that “Security. Compliance. Control.” more strongly communicates its approach to network security and PCI compliance. With a solution unmatched in the industry, the rebranding effort reinforces the commitment SecureConnect delivers to its customers.
In tandem with its logo redesign, the company examined its online presence and how it could be improved. Launching a more user-friendly website, SecureConnect hopes information will be more easily accessible to customers. The wealth of educational information and valuable resources available through SecureConnect.com is intended to benefit business owners, acquiring bank partners and integration vendors.
As the SecureConnect brand continues to evolve its solution with the ever changing PCI standards, the rebranding effort attempts to keep its image in line with these changes.
Contact us to learn more!
Filed under: Data Security, Internet Security, PCI Compliance, PCI DSS, PCI SSC | Tags: Brand Identity, Information security practices, Internet Security, Network Security, New website SecureConnect, Outsourcing PCI compliance services, Payment Card Industry, PCI, PCI and QSR, PCI Compliance, PCI DSS, PCI Education, PCI requirements, PCI SSC, SecureConnect, SecureConnect Rebrand, Security and compliance, Security best practices, Security Compliance Control, Website Redesign
by Blake Huebner @ . July 29, 2010 . 12:10PM
Hell Pizza, a New Zealand based pizza chain, recently sent out an email to its 230,000 customers to change their passwords. They believe that they have suffered a breach, but cannot yet identify the attack vector (this could be a rogue employee or poorly designed website).
While I applaud Hell Pizza for notifying their customers, since web users typically use the same email and password for websites they authenticate to, they didn’t adequately protect the information to begin with. According to sources at risky.biz, the hackers have obtained private information including passwords, email and home addresses and phone numbers, in addition to order information. Apparently, no cardholder data was obtained.
Merchants are continually trying to enhance the user experience by offering such services as online ordering. However, this can be a disservice to your customers if not properly implemented, as in the case of Hell Pizza. Developing a web site with insecure coding is a poor way to conduct business.
While representatives from Hell Pizza indicated that cardholder data wasn’t breached, it would seem likely that the online payment card flow would put their servers in scope for PCI. Vulnerability scanning, as conducted by an ASV (of which BHI SecureConnect is one) should have shown the SQL injection vulnerability (as reported by risky.biz). In addition, validation by completing the Self Assessment Questionnaire would indicate that one cannot provide direct database access from the internet (mySQL was reportedly listening on the public side), among many other violated requirements.
Hell Pizza should have conducted due diligence in assessing their security posture, and if in scope for PCI, have a contractual obligation to fulfill the PCI requirements.
This should also serve as a lesson for consumers to not use the same password for the websites that you access. A breach could potentially allow access to online banking and other personal records. Use a password databases, such as the open source (ie free) KeePass Password Safe, to keep your passwords safe and straight.
Filed under: Data Security, Internet Security, PCI Compliance, PCI DSS, PCI SAQ, PCI SSC, Payment Processing | Tags: Hell Pizza Breach, Identity theft prevention, information security, Information security practices, Internet Security, Network Security, Payment Card Industry, PCI, PCI and QSR, PCI Compliance, PCI DSS, PCI requirements, PCI SSC, Pizza Chain Breach, Pizza PCI Compliance, SecureConnect, Security and compliance, Security best practices, Security Breaches
|
|
|
