UK retailers warned to look beyond compliance

Lumension Security : 19 August, 2009  (Technical Article)
Compliance doesn't make card payment systems invulnerable, according to Lumension, as illustrated by the high-profile Heartland hack in the USA.
The international hacker indicted for stealing data from 130 million credit and debit cards proves that compliance doesn't make you immune to risk, says Andrew Clarke, Senior Vice President, Lumension.

"The arrest of hacker Albert Gonzalez for the data breach that affected US card payment processor Heartland Payment Systems may be a victory for officials combating cyber crime, but it is also a stern warning to retailers that being compliant by no means creates immunity to vulnerabilities.

"What is interesting is that the latest victim, Heartland, was declared PCI compliant by the QSA (Qualified Security Assessor) shortly before the breach took place. The question now is not whether the QSA is negligent in leaving Heartland exposed (in fact, the QSA is contractually insulated from liability) or if Heartland was negligent in its security practices. The issue is that Heartland is paying the price for the breach - reportedly 32 million dollars in recovery efforts.

"Criminals like Gonzalez, who was also accused of stealing customer data from TK Maxx in 2006, will always try to exploit retail vulnerabilities and retailers to make fraudulent debit card and credit card purchases. UK retailers should take heed and use Heartland Security Systems to learn the valuable lesson that, while a good external audit can provide insight, they can't rely on this for a thorough security risk assessment. Every company needs to take full responsibility for their security stance - there is simply too much at stake to assume a compliance audit equates with full operational endpoint security."
