Thursday, November 06, 2008

Credit Card Security at Point of Sale

This is an interesting article in CSO about Point of Sale (POS) security for credit cards. Credit card security is regulated by the well-known industry standard, PCI. But PCI covers retailers, merchants, banks and others who either issue or use credit cards in their business.

Partly due to the tightening of security under PCI, hackers are setting their sights on payment application systems, like those where people swipe their cards when making purchases. These applications sit on POS systems, which are themselves stripped-down mini-computers, and often aren't secured as carefully as full-blown systems and their applications.

As a result, the PCI council has another standard for these applications, the Payment Application Data Security Standard (PA-DSS).

This article also mentions a type of insider attack, called "under-ringing," where store clerks collude with card thieves. This type of human attack isn't covered by PA-DSS, but the article still makes for good security reading.


