Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

5 Types of Data Breaches Caused by Lack of PCI Compliance

420 views

Published on

Top Patch delivers information security products to reduce risk, increase data security and ensure compliance. TopPatch's Remediation Vault™ is the industry’s first peer-to-peer patch distribution product. Even with existing patch management solutions, Remediation Vault ensures completeness, coverage and speed so that vulnerabilities are patched before hackers can exploit them. With Remediation Vault, the vulnerabilities in the software installed on Unix, Linux, BSD, OSX and Window’s operating systems are up to date with the newest security patches.

TopPatch services include HIPAA/HITECH compliance management, PCI compliance management, intrusion detection/prevention systems, forensics, end-to-end data privacy compliance management, vulnerability assessment and management, log monitoring and management, FFIEC, GLBA, NCUA, NERC, and SOX compliance.

Published in: Business
  • Be the first to comment

  • Be the first to like this

5 Types of Data Breaches Caused by Lack of PCI Compliance

  1. 1. 5 TYPES OF DATABREACHES CAUSED BY LACK OF PCI COMPLIANCE
  2. 2. Top Patch delivers information security products that reduce risk, increase data security and ensure compliance. • Remediation Vault™: first peer-to- peer patch distribution product. • Vulnerabilities patched before hackers can exploit them. • Unix, Linux, BSD, OSX and Windows OS protected with newest security patches. www.toppatch.com Email: alex@toppatch.com • Twitter: @toppatch©TopPatch • All Rights Reserved 349 Fifth Avenue, New York NY 10016, (646)
  3. 3. 5 Types of Data Breaches Caused by Lack of PCI ComplianceOverview • Four merchant levels based on transaction volume over one year. • Aggregated number of transactions across all merchant DBAs and across all cards. • Vulnerability assessment: merchant systems checked by an approved vendor to determine level of susceptibility to data security breaches. • If merchant stores cardholder data post- authorization and if the processing systems have internet connectivity, a quarterly scan by approved PCI scanning vendor is required.
  4. 4. 5 Types of Data Breaches Caused by Lack of PCI ComplianceData breach #1: magnetic stripe data storage • Most common type • Merchant or service provider store highly sensitive information encoded on magnetic stripe: direct violation of PCI Data Security Standards. • POS may store these data without merchant’s knowledge.
  5. 5. 5 Types of Data Breaches Caused by Lack of PCI ComplianceData breach #2: Missing/outdated securitypatches • Involves some form of hacking • Hacker exploits merchant’s failure to install security patches and enters into the system.
  6. 6. 5 Types of Data Breaches Caused by Lack of PCI ComplianceData breach #3: using vendor-supplied defaultpasswords and settings • Merchants get POS software and hardware from vendors. • Vendors install these at merchants’ premises using default passwords and settings. • Merchants do not change passwords and settings.
  7. 7. 5 Types of Data Breaches Caused by Lack of PCI ComplianceData breach #4: SQL injection • Technique used by hackers to exploitweaknesses in the coding of web-based applications. • Used to attack merchants’ internet applications, often involving shopping carts.
  8. 8. 5 Types of Data Breaches Caused by Lack of PCI ComplianceData breach #5: Use of vulnerable serviceson merchants’ servers • Servers used by merchants are often shipped with vulnerable services and applications that enabled by default. • Merchants not aware: since most services are not required by merchant, security upgrades are ignored. • Technique used by hackers to exploitweaknesses in the coding of web-based applications. • Used to attack merchants’ internetapplications, often involving shopping carts.
  9. 9. Top Patch delivers information security products that reduce risk, increase data security and ensure compliance Request a free trial of the Remediation Vault for Best-In-Class Patch ManagementAlexEmail: alex@toppatch.com(646) 664-4265349 Fifth Avenue, New York, NY 10016www.toppatch.comTwitter: @toppatch

×