Tag Archives: payment

The PCI Lessons From Google’s Employee Data Breach

When Google this month fired a programmer for using the search giant’s database to investigate an intriguing teenager, it showed that even the most sophisticated and respected technology brands can have a trusted employee go rogue. This lesson should not be lost on retail executives, who may rely on several third-party service providers to process or analyze their payments.

via StorefrontBacktalk » Blog Archive » The PCI Lessons From Google’s Employee Data Breach.

Discover to get $5M from Heartland for ’08 data breach

Heartland Payment Systems has agreed to pay $5 million to Discover to settle claims arising from the massive data breach disclosed by the payment processor last year.

In a brief statement on Wednesday, the Princeton, N.J.-based Heartland said the settlement “resolves all issues” between the two companies stemming from the intrusion.

via Discover to get $5M from Heartland for ’08 data breach.

Hotel systems breached and card info stolen all over the U.S.

The payment system at a number of properties of HEI Hospitality – the hospitality operator that runs over 30 upscale hotels across the U.S. under brand names as Marriott, Hilton, Sheraton and others – has been breached and card data of some 3,400 customers has been compromised, says Databreaches.net.

via Hotel systems breached and card info stolen all over the U.S..

Roundup of largest data breaches / incidents

records date organizations
130,000,000 2009-01-20 Heartland Payment Systems, Tower Federal Credit Union, Beverly National Bank
94,000,000 2007-01-17 TJX Companies Inc.
90,000,000 1984-06-01 TRW, Sears Roebuck
76,000,000 2009-10-05 National Archives and Records Administration
40,000,000 2005-06-19 CardSystems, Visa, MasterCard, American Express
26,500,000 2006-05-22 U.S. Department of Veterans Affairs
25,000,000 2007-11-20 HM Revenue and Customs, TNT
17,000,000 2008-10-06 T-Mobile, Deutsche Telekom
16,000,000 1986-11-01 Canada Revenue Agency
12,500,000 2008-03-26 LaSalle Bank, BNY Mellon Shareowner Services, Archive Systems Inc, The Walt Disney Company, SYNOVUS

Visa offers new guidance on securing payment applications – Computerworld

Visa on Tuesday announced a set of security best practices for vendors of payment applications and for the systems integrators and resellers responsible for implementing and managing them.

The guidelines are designed to address continuing vulnerabilities in the payment chain stemming from insecure implementations of the applications that are used in credit and debit card transactions, according to Eduardo Perez, Visa’s head of global payment system security.

via Visa offers new guidance on securing payment applications – Computerworld.

Visa Provides Guidance on Secure Implementation and Management of Payment Applications — SAN FRANCISCO, Aug. 24 /PRNewswire/ —

Visa today announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants. The best practices developed by Visa in collaboration with the SANS Institute are designed to complement the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS).

via Visa Provides Guidance on Secure Implementation and Management of Payment Applications — SAN FRANCISCO, Aug. 24 /PRNewswire/ —.

Revisions to credit card security standard on the way

It’s going to be called the Payment Card Industry Data Security Standard 2.0, and the full-blown text of this upcoming standard that governs how businesses must guard sensitive cardholder information on their networks will be out at the beginning of September, according to the organization in charge of it.

via Revisions to credit card security standard on the way.

Visa Clarifies Security Rules

This week Visa Inc. said it’s going to reduce unnecessary storage of sensitive card information in merchant payment systems. Specifically, Visa is clarifying that existing operating regulations ensure acquirers and issuers allow merchants to present a truncated, disguised or masked card number on a transaction receipt for dispute resolution in place of the full 16-digit card number.

“By reducing the amount of vulnerable data in merchant systems that must be protected from compromise, merchants can see greater security as well as more streamlined compliance needs,” said Visa’s Eduardo Perez, head of global payment system security, in a statement.

via Visa Clarifies Security Rules.