SlideShare une entreprise Scribd logo
1  sur  9
Télécharger pour lire hors ligne
5 TYPES OF DATA
BREACHES CAUSED BY
   LACK OF PCI
   COMPLIANCE
Top Patch delivers information
                                  security products that reduce risk,
                                  increase data security and ensure
                                  compliance.

                                  • Remediation Vault™: first peer-to-
                                    peer patch distribution product.
                                  • Vulnerabilities patched before
                                    hackers can exploit them.
                                  • Unix, Linux, BSD, OSX and
                                    Windows OS protected with
                                    newest security patches.
                                              www.toppatch.com
                                   Email: alex@toppatch.com • Twitter: @toppatch
©TopPatch • All Rights Reserved     349 Fifth Avenue, New York NY 10016, (646)
5 Types of Data Breaches Caused
                          by Lack of PCI Compliance



Overview

  •   Four merchant levels based on transaction
      volume over one year.

  •   Aggregated number of transactions across all
      merchant DBAs and across all cards.

  •   Vulnerability assessment: merchant systems
      checked by an approved vendor to determine
      level of susceptibility to data security
      breaches.

  •   If merchant stores cardholder data post-
      authorization and if the processing systems
      have internet connectivity, a quarterly scan by
      approved PCI scanning vendor is required.
5 Types of Data Breaches Caused
                         by Lack of PCI Compliance



Data breach #1: magnetic stripe data storage

  • Most common type

  • Merchant or service provider store highly
  sensitive information encoded on magnetic stripe:
  direct violation of PCI Data Security Standards.

  • POS may store these data without merchant’s
  knowledge.
5 Types of Data Breaches Caused
                           by Lack of PCI Compliance



Data breach #2: Missing/outdated security
patches


   • Involves some form of hacking

    • Hacker exploits merchant’s failure to install
    security patches and enters into the system.
5 Types of Data Breaches Caused
                         by Lack of PCI Compliance



Data breach #3: using vendor-supplied default
passwords and settings

  • Merchants get POS software and hardware from
  vendors.

  • Vendors install these at merchants’ premises
  using default passwords and settings.

  • Merchants do not change passwords and
  settings.
5 Types of Data Breaches Caused
                         by Lack of PCI Compliance



Data breach #4: SQL injection


 • Technique used by hackers to exploit
weaknesses
 
 in the coding of web-based applications.

   • Used to attack merchants’ internet
   applications, often involving shopping carts.
5 Types of Data Breaches Caused
                          by Lack of PCI Compliance



Data breach #5: Use of vulnerable services
on merchants’ servers

   • Servers used by merchants are often shipped
   with vulnerable services and applications that
   enabled by default.

   • Merchants not aware: since most services are
   not required by merchant, security upgrades are
   ignored.


 • Technique used by hackers to exploit
weaknesses

 in the coding of web-based applications.

 
 • Used to attack merchants’ internet
applications, often 
 involving shopping carts.
Top Patch delivers
     information security
  products that reduce risk,
  increase data security and
      ensure compliance

     Request a free trial of
     the Remediation Vault
              for
      Best-In-Class Patch
          Management
Alex
Email: alex@toppatch.com
(646) 664-4265
349 Fifth Avenue, New York, NY 10016
www.toppatch.com
Twitter: @toppatch

Contenu connexe

En vedette

Natalie Archer VP RCDSO Resignation Letter
Natalie Archer VP RCDSO Resignation LetterNatalie Archer VP RCDSO Resignation Letter
Natalie Archer VP RCDSO Resignation Letternatalie_archer
 
Prevalence of Missing Lateral Incisor Agenesis in an Or¬thodontic Arabs Popul...
Prevalence of Missing Lateral Incisor Agenesis in an Or¬thodontic Arabs Popul...Prevalence of Missing Lateral Incisor Agenesis in an Or¬thodontic Arabs Popul...
Prevalence of Missing Lateral Incisor Agenesis in an Or¬thodontic Arabs Popul...Abu-Hussein Muhamad
 
Renueva tu vida familiar, hablemos
Renueva tu vida familiar, hablemosRenueva tu vida familiar, hablemos
Renueva tu vida familiar, hablemosAlexander Dorado
 
Image pre processing - local processing
Image pre processing - local processingImage pre processing - local processing
Image pre processing - local processingAshish Kumar
 
Image pre processing
Image pre processingImage pre processing
Image pre processingAshish Kumar
 
Ppt on remote sensing system
Ppt on remote sensing systemPpt on remote sensing system
Ppt on remote sensing systemAlisha Korpal
 
REMOTE SENSING
REMOTE SENSINGREMOTE SENSING
REMOTE SENSINGKANNAN
 
Intro to GIS and Remote Sensing
Intro to GIS and Remote SensingIntro to GIS and Remote Sensing
Intro to GIS and Remote SensingJohn Reiser
 
GIS presentation
GIS presentationGIS presentation
GIS presentationarniontech
 
Remote sensing ppt
Remote sensing pptRemote sensing ppt
Remote sensing pptcoolmridul92
 

En vedette (15)

Neil Gajjar
Neil GajjarNeil Gajjar
Neil Gajjar
 
Natalie Archer VP RCDSO Resignation Letter
Natalie Archer VP RCDSO Resignation LetterNatalie Archer VP RCDSO Resignation Letter
Natalie Archer VP RCDSO Resignation Letter
 
Prevalence of Missing Lateral Incisor Agenesis in an Or¬thodontic Arabs Popul...
Prevalence of Missing Lateral Incisor Agenesis in an Or¬thodontic Arabs Popul...Prevalence of Missing Lateral Incisor Agenesis in an Or¬thodontic Arabs Popul...
Prevalence of Missing Lateral Incisor Agenesis in an Or¬thodontic Arabs Popul...
 
Renueva tu vida familiar, hablemos
Renueva tu vida familiar, hablemosRenueva tu vida familiar, hablemos
Renueva tu vida familiar, hablemos
 
WHAT IS IMAGE INTERPRETATION?
WHAT IS IMAGE INTERPRETATION?WHAT IS IMAGE INTERPRETATION?
WHAT IS IMAGE INTERPRETATION?
 
Image pre processing - local processing
Image pre processing - local processingImage pre processing - local processing
Image pre processing - local processing
 
Congenitally missing teeth
Congenitally missing teethCongenitally missing teeth
Congenitally missing teeth
 
Image pre processing
Image pre processingImage pre processing
Image pre processing
 
Spm unit 3
Spm unit 3Spm unit 3
Spm unit 3
 
remote sensing
remote sensingremote sensing
remote sensing
 
Ppt on remote sensing system
Ppt on remote sensing systemPpt on remote sensing system
Ppt on remote sensing system
 
REMOTE SENSING
REMOTE SENSINGREMOTE SENSING
REMOTE SENSING
 
Intro to GIS and Remote Sensing
Intro to GIS and Remote SensingIntro to GIS and Remote Sensing
Intro to GIS and Remote Sensing
 
GIS presentation
GIS presentationGIS presentation
GIS presentation
 
Remote sensing ppt
Remote sensing pptRemote sensing ppt
Remote sensing ppt
 

Dernier

Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)tazeenaila12
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Lviv Startup Club
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfJohnCarloValencia4
 
Data skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsData skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsyasinnathani
 
A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.mcshagufta46
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyHanna Klim
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxWorkforce Group
 
Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..dlewis191
 
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGUNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGlokeshwarmaha
 
To Create Your Own Wig Online To Create Your Own Wig Online
To Create Your Own Wig Online  To Create Your Own Wig OnlineTo Create Your Own Wig Online  To Create Your Own Wig Online
To Create Your Own Wig Online To Create Your Own Wig Onlinelng ths
 
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...AustraliaChapterIIBA
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...Khaled Al Awadi
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfCharles Cotter, PhD
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 
Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Winbusinessin
 
Amazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the companyAmazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the companyfashionfound007
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023Steve Rader
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsIntellect Design Arena Ltd
 
Personal Brand Exploration Presentation Eric Bonilla
Personal Brand Exploration Presentation Eric BonillaPersonal Brand Exploration Presentation Eric Bonilla
Personal Brand Exploration Presentation Eric BonillaEricBonilla13
 

Dernier (20)

Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
 
Data skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsData skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story points
 
A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agency
 
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptxCracking the ‘Business Process Outsourcing’ Code Main.pptx
Cracking the ‘Business Process Outsourcing’ Code Main.pptx
 
Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..
 
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGUNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
 
To Create Your Own Wig Online To Create Your Own Wig Online
To Create Your Own Wig Online  To Create Your Own Wig OnlineTo Create Your Own Wig Online  To Create Your Own Wig Online
To Create Your Own Wig Online To Create Your Own Wig Online
 
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 
Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024Ethical stalking by Mark Williams. UpliftLive 2024
Ethical stalking by Mark Williams. UpliftLive 2024
 
Amazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the companyAmazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the company
 
NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023NASA CoCEI Scaling Strategy - November 2023
NASA CoCEI Scaling Strategy - November 2023
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking Applications
 
Personal Brand Exploration Presentation Eric Bonilla
Personal Brand Exploration Presentation Eric BonillaPersonal Brand Exploration Presentation Eric Bonilla
Personal Brand Exploration Presentation Eric Bonilla
 

5 Types of Data Breaches Caused by Lack of PCI Compliance

  • 1. 5 TYPES OF DATA BREACHES CAUSED BY LACK OF PCI COMPLIANCE
  • 2. Top Patch delivers information security products that reduce risk, increase data security and ensure compliance. • Remediation Vault™: first peer-to- peer patch distribution product. • Vulnerabilities patched before hackers can exploit them. • Unix, Linux, BSD, OSX and Windows OS protected with newest security patches. www.toppatch.com Email: alex@toppatch.com • Twitter: @toppatch ©TopPatch • All Rights Reserved 349 Fifth Avenue, New York NY 10016, (646)
  • 3. 5 Types of Data Breaches Caused by Lack of PCI Compliance Overview • Four merchant levels based on transaction volume over one year. • Aggregated number of transactions across all merchant DBAs and across all cards. • Vulnerability assessment: merchant systems checked by an approved vendor to determine level of susceptibility to data security breaches. • If merchant stores cardholder data post- authorization and if the processing systems have internet connectivity, a quarterly scan by approved PCI scanning vendor is required.
  • 4. 5 Types of Data Breaches Caused by Lack of PCI Compliance Data breach #1: magnetic stripe data storage • Most common type • Merchant or service provider store highly sensitive information encoded on magnetic stripe: direct violation of PCI Data Security Standards. • POS may store these data without merchant’s knowledge.
  • 5. 5 Types of Data Breaches Caused by Lack of PCI Compliance Data breach #2: Missing/outdated security patches • Involves some form of hacking • Hacker exploits merchant’s failure to install security patches and enters into the system.
  • 6. 5 Types of Data Breaches Caused by Lack of PCI Compliance Data breach #3: using vendor-supplied default passwords and settings • Merchants get POS software and hardware from vendors. • Vendors install these at merchants’ premises using default passwords and settings. • Merchants do not change passwords and settings.
  • 7. 5 Types of Data Breaches Caused by Lack of PCI Compliance Data breach #4: SQL injection • Technique used by hackers to exploit weaknesses in the coding of web-based applications. • Used to attack merchants’ internet applications, often involving shopping carts.
  • 8. 5 Types of Data Breaches Caused by Lack of PCI Compliance Data breach #5: Use of vulnerable services on merchants’ servers • Servers used by merchants are often shipped with vulnerable services and applications that enabled by default. • Merchants not aware: since most services are not required by merchant, security upgrades are ignored. • Technique used by hackers to exploit weaknesses in the coding of web-based applications. • Used to attack merchants’ internet applications, often involving shopping carts.
  • 9. Top Patch delivers information security products that reduce risk, increase data security and ensure compliance Request a free trial of the Remediation Vault for Best-In-Class Patch Management Alex Email: alex@toppatch.com (646) 664-4265 349 Fifth Avenue, New York, NY 10016 www.toppatch.com Twitter: @toppatch

Notes de l'éditeur

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n