Breach, Data Security, Network Security

Is the latest Global Payments breach just one of many out there?

I just got off the Global Payments call where they talked about their breach. Their breach seems to be very different than the one Visa issued an alert on. Information presented on the timing windows were different and not reconciled during the Global Payments call (Visa reported the exposure window was January 21, 2012 – February 25, 2012, and Global Payments only reported they self-detected the breach early March), the data that may have been stolen was different (Visa reported Track 1 and 2; Global Payment reported only Track 2), and the reports on fraud (Global Payments said they had not heard about fraud on the stolen cards) are different.

Sounds like there's a lot more going on out there than the payment industry and law enforcement have nailed down and are prepared to talk about.

In the meantime, Global Payments – which was PCI compliant at the time of its breach – is no longer PCI compliant, and was delisted by Visa. Yet they continue to process payments.

What's the takeaway on PCI? The same one that's been around for years. Passing a PCI compliance audit does not mean your systems are secure. Focus on security and not on passing the audit.

This article was originally published on the Gartner website, and is used by permission. Avivah Litan is a vice president and distinguished analyst in Gartner Research. Her area of expertise includes fraud detection and prevention applications, authentication, adaptive access management, identity proofing, identity theft, and other areas of information security and risk. She also covers the PCI compliance program and the security aspects of payment systems.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Related

Data breach compromises STIIIZY customers’ data

Infiltration of the vendor's systems between October and November exposed not only individuals' names, ages, and addresses, but also photographs, medical cannabis cards, driver's license numbers, and passport numbers, said STIIIZY in a breach notice and filing with California regulators that did not detail the number of people whose data had been stolen.

Telefónica hack disclosed following data exposure

Telefónica, which is Spain's leading multinational telecommunications firm, has acknowledged unauthorized access to its internal ticketing system following the exposure of the company's Jira database on a hacking forum by threat actors DNA, Pryx, Grep, and Rey.

Data breach disclosed by BayMark Health Services

Threat actors who infiltrated BayMark's systems from Sep. 24 to Oct. 14 were able to steal individuals' names, birthdates, Social Security numbers, driver's license numbers, insurance details, received services, service dates, and treatment and diagnostic information, said BayMark in breach notices that did not specify the number of people affected by the incident.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

BandwidthBlock CipherBridgeBroadcastBroadcast AddressCache PoisoningChecksumCollisionComputer NetworkDomain Name System (DNS)

You can skip this ad in 5 seconds