December 19, 2005 (Computerworld) --
Recent data compromises, such as one involving the Sam's Club wholesale chain, highlight the challenges that credit card companies face in enforcing the security standards that went into effect last July for all businesses processing credit transactions. Sam's Club, a division of Wal-Mart Stores Inc., said in a statement issued this month that it was investigating a security breach that had exposed credit card data belonging to an unspecified number of customers who purchased gas at the company's stations between Sept. 21 and Oct. 2. Beyond saying that its internal systems and databases weren't compromised, Sam's Club didn't elaborate on how the card information was accessed. Last week, company officials didn't respond to repeated requests for comment. But Corinne Sherman, vice president of card services at the Pennsylvania Credit Union Association in Harrisburg, said that based on alerts from MasterCard International Inc. and Visa U.S.A. Inc., Sam's Club appears to have been storing customer and account information from both tracks of the magnetic stripe on the back of cards. That information could be used by data thieves to create counterfeit cards that could then be used to commit fraud, Sherman said. Especially troubling is the fact that a very large number of merchants still appear to be capturing and storing the full magnetic stripe information off credit and debit cards even though doing so violates the new Payment Card Industry (PCI) security standards, said Ann Davidson, payment systems risk manager at CUNA Mutual Group, a Madison, Wis.-based company that provides insurance and financial services to credit unions. Of the more than 300 fraud alerts that MasterCard and Visa have each issued this year, the majority involved cases where magnetic stripe information was stored after a transaction, Davidson said. "This is in direct violation of card association rules," Davidson said. "I would love to know why merchants are doing this." She added that CUNA Mutual has had several meetings with MasterCard and Visa to discuss the data storage issue. In April, the insurer filed a lawsuit against BJ's Wholesale Club Inc. seeking to recover losses incurred as a result of a security breach that compromised 40,000 credit and debit cards. The lawsuit, which BJ's is contesting, alleges that the retailer stored account and customer information in violation of MasterCard's and Visa's regulations. Many of the problems stem from the older point-of-sale systems that some merchants use to process card transactions, said Michael Petitti, a senior vice president at Ambiron TrustWave, a Chicago-based provider of security and PCI compliance services to the credit card industry. The POS systems often capture information that the merchants operating them don't even know about, Petitti said.
"Welcome to a special IT Blogwatch EXTRA: as Richi Jennings watches bloggers' reactions to the Russian hackers who claim to..."
Read more...
"As if taxpayers needed another reason to scorn the IRS. I read yesterday that the inspector general review of several..."
Read more... Read more Security posts or See all Blogs
One positive development stemming from the collapse of Wall Street may be a boost in interest in computer science and IT careers among students who were previously interested in financial services jobs.
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center Register for this complimentary webcast today! Go to the webcast
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing
Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage
Download this white paper today! (Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency. Download this white paper
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Securing your network begins at the gateway, also called the perimeter, to keep unauthorized users, viruses and malicious code from entering your systems. Deploying multilayer technologies is your first line of defense. With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. One of the key facets of a successful security strategy is protecting the servers that run critical applications and house so much of your essential data. Having the right policies, procedures and server configurations is critical.
Fired up about IT?Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.
Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage.
Preston Gralla: Apple plays the bully again
Apple is once again unleashing its attack dog lawyers. This time against a college for using an apple in its logo. ... [more]
See your link here
Subscribe to
Computerworld 
or
Other Security Stories
From Laggard to Leader: Transforming the Data Center
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. 
Download this white paper today!
Read up on the latest ideas and technologies from companies that sell hardware, software and services. 
The Security Zone
Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.
Preston Gralla: Apple plays the bully again
Apple is once again unleashing its attack dog lawyers. This time against a college for using an apple in its logo. ... [more]