Wednesday, September 23, 2009

Preventing Card Skimming Attacks

Credit and debit-card skimming scams have proliferated in recent years, and the PCI Security Standards Council’s (PCI SSC) new guidelines aim to help retailers combat skimmers. But are they enough? The PCI Council’s guidelines focus on risk assessments and self-evaluation forms to help retailers evaluate their overall susceptibility. The guidelines also instruct retailers on how to educate employees who handle the POS devices, as well as how to prevent and identify device compromise.

According to security researcher Chris Paget, PCI SSC’s guidelines fail to address key problems that arise with malicious merchants stealing the data and with POS equipment that was tampered with at the factory. The latter refers to supply chain attacks, which require a great deal of coordination and were previously thought to be possible only with the involvement of a nation state. Security experts believe that terminals should have, at a minimum, intrusion protection technology that disables the hardware if opened; encryption technology; and a way to sound an alarm if an event occurs. Additionally, customers and not merchants should be the ones to swipe their card at the scanner…
