Published: 31 October 2008 - 15:53
Trojan steals 500,000+ bank and card details
The login credentials for hundreds of thousands of online bank accounts and debit and credit cards have been stolen by "one of the most pervasive and advanced pieces of crimeware ever created," according to the RSA FraudAction Research Lab.
PCI compliance fails to prevent Hannaford hacking 31/03/2008 13:15:02
The Hannaford card security breach is a worrying development for the payment card industry. The exploit - which would appear to be an inside job - exposes weaknesses in the PCI compliance standards explicitly and expensively promoted by the card companies
as a solution to restoring consumer confidence in payment card security.
Unlike TJX, Hannaford did not store customer names and account information in a central location and was fully-compliant with industry standards for protecting card data. In this incident, the hackers tapped into the data as it was transmitted from servers
at each compromised Hannaford outlet during the card verification process.
It may be that there is little the industry as a whole can do to thwart such a determined and sophisticated attack. Nonetheless, incidents such as this do little to inspire confidence in either retailer security, or the 12-step PCI standards.
My question is what the community thinks about making online banking and e-commerce secured, so that even a layman can do the transactions with 100% confidence?