PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
December 2006

Avoiding Audit Failure: Getting Advice on PCI Compliance Mistakes

They lay out the missteps of others so you can be spared a similar fate. Roger Nebel has seen plenty of payment card industry security violations in his day, but one retail client's transgressions were the worst. The trouble started with the retailer's checkout counter machines, where customers swipe their credit cards, recalls Nebel, director of strategic security for Washington D.C.-based FTI Consulting. The client used two versions of the point-of-sale system in various locations--an older version that didn't encrypt cardholder data, and a newer version that did. Then, the retailer's POS device vendor used a well-known Web-based program to remotely manage several systems with a common user ID and password. Meanwhile, the client failed to log activity on the systems, there was no security monitoring in general, and several sites lacked adequate antivirus software. The environment was ripe for the picking, and one or more thieves eventually lifted credit card data from several locations using a Trojan horse program. "This ...

Access this PRO+ Content for Free!

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

Safe Harbor

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close