Payment Card Attack Could Be Worth $3.3M

By   ISBuzz Team
Writer , Information Security Buzz | Oct 25, 2022 05:40 am PST

It has been reported that a PoS payment card attack involving a pair of malware variants was used to steal more than 167,000 payment records from 212 infected devices mostly in the U.S. 

Full story: Researchers uncover more than 167,000 stolen credit card numbers, primarily from the U.S. – CyberScoop

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Erfan Shadabi
Erfan Shadabi , Cybersecurity Expert
October 25, 2022 1:40 pm

Malware is just one click away. The two most important things an organization can do are a) to spread cybersecurity awareness and to use a zero-trust approach to make sure that users only get access to sensitive data, when they have the permission and only when it is absolutely necessary. And b) protect the data! Sure, traditional encryption methods are a consideration, but some algorithms can be easily cracked, and key management and other operational concerns make plain data encryption unattractive. Keep in mind that encrypted information does not possess the original format of the data, so enterprise applications either must be modified, or the data must be de-protected. Neither option should be acceptable. Using a stronger, more flexible data-centric method such as tokenization means that data format can be preserved while sensitive data elements are obfuscated with representational tokens. Enterprise applications support tokenized data much better, skirting the need to de-protect the information in order to work with it within a corporate workflow.

Last edited 1 year ago by Erfan Shadabi

Recent Posts

Would love your thoughts, please comment.x