Heartland to pay Amex $3.6m for massive payment breach

In a recent development, Heartland Payment Systems will pay American Express $3.6m to settle claims related to the criminal breach of its payment processing network last year.

During this security incident, which Heartland disclosed in January 2009 (the incident took place during 2008), data from millions of credit cards was stolen by exploiting security vulnerabilities in web sites. Albert Gonzalez, AKA "segvec", "soupnazi" and "j4guar17", used SQL injection techniques to steal the card data. Because SQL injection exploits web application vulnerabilities, firewall protection was not adequate; the attack can bypass conventional network firewalls. The decade-old technique exploits web applications that fail to adequately scrutinize text that visitors type into search boxes and similar website fields that accept user-supplied input.
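The following is an added example, not part of the original post and not code from the incident. It shows a search-box handler that builds its query from user text beside the parameterized form that treats the same text as data. The table names, function names and card number are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory catalogue plus a table the search page must never expose."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL)")
    db.execute("CREATE TABLE cards (holder TEXT, pan TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [("blue widget", 9.99), ("red widget", 12.50)])
    # Constructed record using a well-known test card number, not real data.
    db.execute("INSERT INTO cards VALUES (?, ?)",
               ("TEST HOLDER", "4111111111111111"))
    return db

def search_vulnerable(db, term):
    # User text is pasted into the statement, so the database parses it as SQL.
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # The statement text is fixed; user text is sent separately as a bound
    # value and can only ever be compared against the name column.
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()

# Constructed search-box input. It arrives as an ordinary web request, which
# is why a network firewall that allows traffic to the site does not stop it.
CRAFTED = "zzz' UNION SELECT holder, pan FROM cards --"

def compare(term):
    """Run the same input through both handlers on fresh databases."""
    return search_vulnerable(make_db(), term), search_parameterized(make_db(), term)

if __name__ == "__main__":
    for term in ("widget", CRAFTED):
        weak, fixed = compare(term)
        print(repr(term))
        print("  string-built  :", weak)
        print("  parameterized :", fixed)
```

With the normal term both handlers return the two products. With the crafted term the string-built handler returns the row from `cards`, while the parameterized handler returns nothing because no product name contains that text.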

The actual cost of this incident could be much higher than the settlement amount, though, as they have to account for the reissuing of the cards, settlement of any disputes, etc.

Now the key is the vulnerabilities in various systems. How can an organization detect such vulnerabilities when even the assessments by a QSA, ASV or other parties are not detecting them?

It is important to have Security as an active participant in the software development life cycle. Another option would be to procure applications which are PA-DSS certified.

Is that still going to save the company? Protect the cardholder information? Maybe.

Tags: breach news

Binoy KL
