A recent report by Verizon found that vendors are still having difficulty fully protecting themselves and limiting their liability in credit card processing. This means that if your business processes credit cards and has fewer than 100 employees, you are the target of most breaches by online thieves. The report shows results from credit card processing companies, as well as 923 breaches reviewed. This report was nicely summarized in a security professionals' blog called Search Security:
– only 21% of those surveyed were fully compliant during initial assessment
– those that were fully compliant mostly fail to maintain the 12 specific PCI requirements
– factors that cause these previously compliant groups to stray include:
  – new point of sale (POS) systems
  – acquisition of additional
  – new processor with a new agreement
– most credit card processors get to about 80% compliance and do not seem to complete all 12 steps
For the second year in a row, the number one threat was backdoor access to the network, which in turn gives remote access to the system. This is due to inactive, poor-quality or unmonitored security endpoints such as desktops and other devices on the same network as the credit card processing devices.
The report advises using more thorough means of network and endpoint protection, stronger password policies, and changing the default passwords for the various credit card processing devices on the network.
This is another example of why both corporate network security and user mobile device security should be regularly monitored and updated to accommodate daily trends and exploits.