Tuesday, February 24, 2009

PCI-DSS compliant payment card processors targeted

Two articles worth reading.

Here:

"What concerns me is that Visa and MasterCard, they clearly know who it is," Shettler said. "That just won't say anything because the processor hasn't come clean. The sort of feel it gives people is that Visa and MasterCard are covering for some unnamed organisation."

and here:

"This is clear evidence to me that the criminals know how to bypass the traditional security controls in place today," Litan said. "It's clear that they're targeting the processors now because there's much more data there. [Processors] are more centralized and the thinking is that more attention is paid to their security, but they are at the nerve center of processing systems."

I hope these guys are implementing real (paranoid level) security given they're operating in high risk environments and not paying lip service to the PCI DSS standard.

- J.

No comments: