An article relating to this blog post on Finextra:

Malware used in Hannaford card data theft

A security breach at US grocer Hannaford Bros that compromised around 4.2 million credit and debit card accounts was caused by fraudsters installing malware on servers at all of the retailer's 300 sto...

PCI compliance fails to prevent Hannaford hacking

The Hannaford card security breach is a worrying development for the payment card industry. The exploit - which would appear to be an inside job - exposes weaknesses in the PCI compliance standards explicitly and expensively promoted by the card companies as a way of restoring consumer confidence in payment card security.

Unlike TJX, Hannaford did not store customer names and account information in a central location and was fully compliant with industry standards for protecting card data. In this incident, the hackers tapped into the data as it was transmitted from servers at each compromised Hannaford outlet during the card verification process.

It may be that there is little the industry as a whole can do to thwart such a determined and sophisticated attack. Nonetheless, incidents such as this do little to inspire confidence in either retailer security or the 12-step PCI standards.


Paul Penrose

Head of Research
