Wednesday, December 16, 2009

Firms failing on PCI DSS

A huge 81% of organizations that are subject to the Payment Card Industry’s Data Security Standard (PCI DSS) were found to be non-compliant prior to a data breach, according to a new study.

But according to telco Verizon Business’ Risk team, which published the findings, a “fairly new” threat in the shape of RAM scrapers is increasingly being used by online thieves to bypass PCI DSS rules requiring credit card data to be encrypted anyway.

The company’s 2009 Data Breach Investigations Report found that 74% of security incidents were the result of external attacks. Such events resulted in a huge 285 million records being compromised over the last year - mainly via online systems.

Only 20% of data breaches were caused by insiders, 32% by business partners and 39% by multiple parties. Some 67% of the incidents occurred because the attacker exploited errors made by the victim, while a further 64% were the result of hacking and 38% of malware.

But in its 2009 Supplemental Report called Anatomy of a Data Breach, Verizon Business also pointed to the rising threat of RAM scrapers. infosecurity

No comments:

Post a Comment