All Top Banking

Pulling the PIN on Older Systems

Posted by John B. Frank Tuesday, July 14, 2009

Pulling the PIN on older systems

The compliance clock is ticking. It is estimated that more than 500,000 PIN entry devices (PEDs) that predate security certifications are in use in the U.S. market. These devices predate the Visa Inc. PED standard - now the Payment Card Industry (PCI) PED Standard - and were "never approved" by the card brands, which have mandated they must be removed from service by July 2010. Are you ready for that challenge and opportunity?

Liability landing

Criminals are increasingly targeting older, unsecure PIN pads and terminals as a relatively easy means to gain access to cardholder data. The liability for these attacks is being placed with greater frequency squarely at the feet of merchants and acquirers.

The 2009 Verizon Business Data Breach Investigations Report examined 98 confirmed data breaches that compromised almost 300 million consumer records. Of the organizations victimized, 81 percent were not PCI Data Security Standard compliant, according to Verizon Business.

PINs beguiling

While many of these breaches had nothing to do with PIN pad compromises, obtaining PINs by exploiting vulnerable elements of computer networks is now the primary game in town for a number of criminal organizations.

Offending breaches range from highly sophisticated computer networking assaults to crude efforts that might be equated to "smash and grab" attacks in which criminals simply replace an existing terminal with a device that appears identical but has been bugged.

For example, according to The News Journal of Delaware, two men pled guilty in February 2009 to using a skimmer at the counter of a Rite Aid Corp. store to scoop up account numbers and PINs and use them to make counterfeit cards, with which they stole more than $500,000 from bank accounts.

Continue Reading at The GreenSheet

0 comments

Post a Comment

Powered by Blogger.

Blog Archive

Search This Blog

Our Manufacturing Facility

Learn More About Us

Find out how our patented technology can empower your financial institution.

Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)

There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.

Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."

Total Pageviews

SLIM for PC or SmartPhone

SLIM for PC or SmartPhone
Click to Inquire

Chip and PIN eCommerce and Mobile

Chip and PIN eCommerce and Mobile
Click to Inquire

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers

Translate This Blog

BobCaps

Search ePayment News (example: NFC)

About Me

My photo
Named one of the best Payment Industry News Blogs 4 Years Running

Feedjit

My Zimbio