Top Five Causes of Data Compromise
Steve writes, "In a key step to help businesses better understand and protect themselves against the risks of fraud, Visa USA and the U.S. Chamber of Commerce announced the five leading causes of data breaches and offered specific prevention strategies. The report states that the most common cause of data compromise is a merchant's or a service provider's encoding of sensitive information on the card's magnetic stripe in violation of the PCI Data Security Standard. The other four are related to IT security, which can be improved simply by following common-sense guidelines." Here is the report on the U.S. Chamber of Commerce site (PDF).
1. Storage of Magnetic Stripe Data
As opposed to non-magnetic stripe data - bar code, written material or a phone call to verify something, not to mention photographs, retinal scans or fingerprints?
2. Missing or Outdated Security patches
Like SP2?
3. Use of Vendor Supplied Default Settings and Passwords
Like SP2?
4. SQL Injection
Would that be intravenous or intramuscular?
5. Unnecessary and Vulnerable Services on Server
Like SP2, Windows, Unix, Linux, Mac OSX, an internet connection, a card reader or having ANY human being, anywhere in the information loop, at all.
Insecurity is better than NO security and no matter HOW well encrypted a card is, some waiter with a pocket credit card scanner, somewhere, is going to get your information if he wants it.
There is NO defense against competence. And at least SOME cybercriminals are extremely competent.
Lee Darrow, C.H.