thePCI Portal

Category: Breach

Supplementary validation for “designated” entities

Have you ever heard of the supplementary validation for designated entities (a.k.a. DESV)? If not, you should be happy. According to the Council’s FAQ for designated entities, “A Designated Entity is determined by an Acquirer or Payment Brand as an organization that requires additional validation to existing PCI DSS requirements.” Organizations that view PCI…

Cloudy Breach

The Register has a story about a breach at cloudy service supplier Aptos. Aptos has several cloud services: POS in the cloud, e-commerce in the cloud (didn’t see that one coming!), etc. The timeline of what happened is: Feb 2016 – There was a breach and malware was installed in the cloud. Nov 2016 – Aptos…

Before you read the 2015 Verizon DBIR…

Before you read the recently released 2015 Verizon DBIR, you may get some benefit from listening to the April 16th Risky Business podcast episode where Bob Rudis of Verizon speaks about the company’s annual data breach investigations report. He highlights some of the interesting findings for you!

What’s a stolen PAN worth nowadays?

The paper titled “Examining the Structure, Organization, and Processes of the International Market for Stolen Data” will bring you up to date on the value of several forms of stolen data (as of March 2014). The paper was written by Thomas J. Holt and Olga Smirnova and funded by the US Department of Justice. Lots of…

Malware on POS systems

Did you see the US-CERT alert about the POS malware named Backoff? The Ars Technica article is a nice summary of the US-CERT piece, which is technical. The malware scrapes magnetic-stripe track data from the memory of the POS systems it infects. Combined with key logging, update capabilities and a low antivirus detection rate, its…