Slashdot Mirror


Top Five Causes of Data Compromise

Steve writes, "In a key step to help businesses better understand and protect themselves against the risks of fraud, Visa USA and the U.S. Chamber of Commerce announced the five leading causes of data breaches and offered specific prevention strategies. The report states that the most common cause of data compromise is a merchant's or a service provider's encoding of sensitive information on the card's magnetic stripe in violation of the PCI Data Security Standard. The other four are related to IT security, which can be improved simply by following common-sense guidelines." Here is the report on the U.S. Chamber of Commerce site (PDF).

5 of 106 comments

  1. Ballmer response: by Volante3192 · · Score: 5, Funny

    Users! Users! Users!

    Wait, five reasons? Add a 'Users! Users!' to the end of that.

  2. top 5 by neonprimetime · · Score: 5, Informative

    1. Storage of Magnetic Stripe Data
    2. Missing or Outdated Security patches
    3. Use of Vendor Supplied Default Settings and Passwords
    4. SQL Injection
    5. Unnecessary and Vulnerable Services on Server


    Honestly, could my post be any more useful?

    1. Re:top 5 by grammar+fascist · · Score: 5, Informative

      4. SQL Injection

      I'm surprised, but not too much. It's interesting that this is the only one on the top five list that has anything to do with the programming. This puts it right up there with social engineering - SQL injection is that easy.

      The take-home lesson for us programmers? Never, ever, EVER use any DB API that doesn't let you bind parameters.

      --
      I got my Linux laptop at System76.
  3. Re:sheesh by AP2k · · Score: 5, Funny

    Maybe their data got compromised? D:

  4. Chip & PIN by celardore · · Score: 5, Interesting

    Perhaps slightly OT, but the article is slashdotted and the header mentioned VISA and breaches.

    I think one of the greatest mistakes the credit/debit card companies/banks (certainly here in the UK) made was the compulsory PIN entering (as opposed to a signature) at point-of-sale. Now all you need to do is stand behind me and see my PIN, or if you work at the store - have the security camera trained at the keypad then either lift my wallet or clone my card. All you need is that four digit number, and you've pretty much got my bank account.

    My point is, companies make fundamental security errors, and will continue to do so.