Government ID, Smart Cards, Identification and Authentication

Card Compromise Statistics Prove that PCI DSS Compliance Protects Businesses and Customers

Wednesday, March 11, 2009 in Library

Through October 29, 2008, Trustwave’s forensics practice has investigated 443 cases of cardholder data compromise. The information contained within this article is the culmination of almost seven years of card compromise investigations.

Key Developments in 2008: The Theft of Cardholder Data in Transit

In 2008, the most notable development in payment card compromises is the theft of cardholder data at rest (stationary on a system component) to its theft in transit (moving through a system). Trustwave experts have noted that attackers, are stealing data in real-time by eavesdropping on a certain device and stealing the data as it passes to or through a particular system rather than stealing data that is stored on that system.

One example of this is an attackers’ use of unauthorized applications—referred to as malware—that steals cardholder data from a computer’s Random Access Memory. What’s perhaps most unsettling about the trend is that a merchant can use a payment application that complies with the Payment Application Data Security Standard (PA-DSS) or Visa’s Payment Application Best Practices (PABP), but still fall victim to a compromise.

There are 750 words in the rest of this article …

Library Access Required

Library subscribers have access to the full archives of more than 10,000 original news items and feature articles published by AVISIAN’s suite of ID technology publications (ContactlessNews.com, CR80News.com, DigitalIDNews.com, FIPS201.com, NFCNews.com, RFIDNews.org, SecureIDNews.com, and ThirdFactor.com).

For just $49, you receive unlimited password-protected access to content on all of AVISIAN’s sites for an entire year. Your subscription helps fund the continued creation of independent, insightful content. Find out more.

Sign in as a Subscriber

If you are already a subscriber, you may sign in now. Enter your Email Address and Password and click Sign In.

Email Address →
Password →
Action →

If you have forgotten your password, enter just your Email Address, and click Send Password.

Email Address →
Action →
Related Articles
Ads by AVISIAN

Listen to the latest re:ID Podcast


The weekly podcast covers relevant issues and breaking news from AVISIAN's suite of ID technology publications.

Listen now.

Place your ad here for just $200

Text ads on SecureIDNews bring 100,000+ impressions each month.

Click to learn more
Copyright © 2010, AVISIAN, Inc. All rights reserved.