Top Patch delivers information security products to reduce risk, increase data security and ensure compliance. TopPatch's Remediation Vault™ is the industry’s first peer-to-peer patch distribution product. Even with existing patch management solutions, Remediation Vault ensures completeness, coverage and speed so that vulnerabilities are patched before hackers can exploit them. With Remediation Vault, the software installed on Unix, Linux, BSD, OSX and Windows operating systems is kept up to date with the newest security patches.
TopPatch services include HIPAA/HITECH compliance management, PCI compliance management, intrusion detection/prevention systems, forensics, end-to-end data privacy compliance management, vulnerability assessment and management, log monitoring and management, FFIEC, GLBA, NCUA, NERC, and SOX compliance.
3. 5 Types of Data Breaches Caused by Lack of PCI Compliance
Overview
• Four merchant levels based on transaction volume over one year.
• Aggregated number of transactions across all merchant DBAs and across all cards.
• Vulnerability assessment: merchant systems checked by an approved vendor to determine level of susceptibility to data security breaches.
• If merchant stores cardholder data post-authorization and if the processing systems have internet connectivity, a quarterly scan by approved PCI scanning vendor is required.
4. Data breach #1: magnetic stripe data storage
• Most common type
• Merchant or service provider stores highly sensitive information encoded on the magnetic stripe: a direct violation of PCI Data Security Standards.
• POS may store these data without merchant’s knowledge.
5. Data breach #2: Missing/outdated security patches
• Involves some form of hacking
• Hacker exploits merchant’s failure to install security patches and enters into the system.
6. Data breach #3: using vendor-supplied default passwords and settings
• Merchants get POS software and hardware from vendors.
• Vendors install these at merchants’ premises using default passwords and settings.
• Merchants do not change passwords and settings.
7. Data breach #4: SQL injection
• Technique used by hackers to exploit weaknesses in the coding of web-based applications.
• Used to attack merchants’ internet applications, often involving shopping carts.
8. Data breach #5: Use of vulnerable services on merchants’ servers
• Servers used by merchants are often shipped with vulnerable services and applications that are enabled by default.
• Merchants not aware: since most services are not required by merchant, security upgrades are ignored.
9. Top Patch delivers information security products that reduce risk, increase data security and ensure compliance
Request a free trial of the Remediation Vault for Best-In-Class Patch Management
Alex
Email: alex@toppatch.com
(646) 664-4265
349 Fifth Avenue, New York, NY 10016
www.toppatch.com
Twitter: @toppatch