
Managed Video as a Service

The place to learn about and discuss Managed Video as a Service

Just check out the attached article on CNN that highlights how 40 million credit card numbers were stolen from about a dozen retailers.

The flaw that was exploited to get this credit card information was in the retailers' local area network. The article indicates that the criminals put sniffers on the companies’ wireless in-store networks and were able to siphon off millions of credit card numbers. Because the article covers the prosecution of the crooks, the actual crimes likely took place years ago, which means that all of these retailers have probably completely buttoned up their store networks to ensure this type of thing doesn’t happen again.

Think any of these companies are going to let a non-PCI-compliant video service (or digital signage, or Muzak, or any other network-based service) run on their local store networks? MVaaS and traditional providers alike had better get moving towards PCI compliance or risk not making it out of the starting gate with retailers in the future.


2 Responses To This Post

dloher said, August 7th, 2008 at 12:16 pm

Until recently, this type of problem was not even required to be disclosed. I understand a lot of states enacted laws requiring disclosure of such compromises back in 2006 when some major events like this one were disclosed. Currently 39 states have some form of security breach laws according to the Public Interest Research Groups website on Identity Theft Protection. Hope you don't live in one of the 11 that don't. http://www.uspirg.org/financial-privacy-security/...

There are some crazy stories out there that I get from a few security projects I've worked on myself in the past, but mostly through some of my insider contacts in the IT security industry. For example, there was a bank about 2 years ago which had been breached for over 12 months before they detected the problem. I say over 12 months because the bank didn't have audit trails going back further than that. In addition, due to numerous technical issues (primarily the lack of sufficient accounting, time tracking and insufficient layers of security), it was not even possible to forensically detect which systems had been compromised or how the problem even occurred in the first place.

