As you’re probably aware, America’ Thrift Stores have announced that it recently learned it was the victim of a malware-driven security breach that targeted software used by a third-party service provider. “This breach allowed criminals from Eastern Europe unauthorized access to some payment card numbers,” the company’s CEO said in a statement. “This virus/malware, is one of several infecting retailers across North America.” Security experts from Tripwire and HP data security reacting to news of yet another retail breach.
[su_note note_color=”#ffffcc” text_color=”#00000″]Ken Westin, Security Analyst for Tripwire :
“The cadence of retail breaches continues and will continue. Unfortunately, even though retailers have started the transition to EMV and are implementing stricter security standards we will continue to see credit card breaches for quite some time. In many cases the vulnerabilities that criminal hackers are targeting are baked into the payment infrastructure and that means it take considerable resources to migrate to more secure solutions.
Many retailers need to implement completely new hardware to support EMV so it might be a good time to reevaluate their security payment systems as a whole. This is especially relevant given the new threats we have seen targeting weaknesses in payment systems.
The implementation of point-to-point encryption and stronger security controls on point-of-sale endpoints are just a two examples of things retailers can do right now to protect their customers.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Mark Bower, Global Director of Product Management for HP Data Security :
“This is yet another hack that underscores the need for companies to protect all of the sensitive information they hold on their customers. Beyond the threat to customers’ sensitive data, companies need to be concerned with the impact such an event can have on their reputation and, ultimately, on their bottom line. Particularly with the transition to EMV, a data-centric approach to security is the key cornerstone needed to allow companies to mitigate the risk and impact of these types of attacks.
Proven methods are available to neutralize this data from breaches. Leading retailers have adopted data-centric security techniques with huge positive benefits: reduced exposure of live data from the reach of advanced malware during an attack, and reduced impact of increasingly aggressive PCI DSS 3.1 compliance enforcement laws, laws aimed at making data security a ‘business as usual’ matter for any organization handling card payment data.
With the available technologies today to protect sensitive data very easily and quickly, it’s a simple matter to cover all your bases to protect consumer trust and satisfaction.”[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.