Home Depot’s point of sale (POS) system was breached in 2014, compromising information on 53 million accounts. A year before, Target’s POS was breached, putting data from at least 40 million customers in jeopardy. In both cases, the retailers were deemed “compliant” with Payment Cardholder Initiative (PCI) data security standards. But obviously there’s a big difference between complying with security regulations and actually having good security, and that’s true whether your shop runs on IBM i or any other platform.
As cyber criminals get better at penetrating computer systems (and it’s worth reminding you that they are getting very, very good), it’s becoming increasingly clear that companies need to step up their game in the security department. Hackers had free rein in the PCI-compliant systems of Target, Home Depot, and other victims, often for months before anybody even noticed something was wrong, and that prompted the folks behind the PCI standards to do something about it.
That “something” included mandatory annual penetration testing of critical systems, which was implemented as part of PCI DSS 3.0 in June 2015.
Penetration testing has been commonplace in the network security world for quite a while, where ethical hackers poke and prod firewalls and other outward-facing security components for any sign of weakness. The Internet is a wild and wily place, and without that effort, e-commerce would never have matured to the level it is at now.