Quoted from ForceFlow:Security all around for the credit card ecosystem is really woefully inadequate.
This times a million.
I do a lot of work with PCI DSS and you guys wouldn't believe some of the shit that goes down.
(Topic ID: 212102)
You're currently viewing posts by Pinsider Wolfmarsh.
Click here to go back to viewing the entire thread.
Quoted from merccat:So I wonder what would be a better system while still retaining most of the convenience (since that is apparently more important than security to CC issuers).
It would be a better system if payment gateways and processors were held more accountable for sticking to proper security procedures. As you've discovered, physical skimming or number stealing in the presence of the card is only one of the many attack vectors.
If you were a criminal interested in credit card numbers, would you rather attack cards one by one (skimmer/physical theft) or would you rather put your resources into compromising a resource like a payment gateway that just continuously feeds you new numbers.
A lot of the public associates hacks and compromised servers with "loud" attacks, like defacing a webpage or denying service. In reality, for people interested in stealing information, it's all about being quiet and keeping your compromised assets available for as long as possible, and knowing when to abandon them.
When you hear about data breaches, it is more often than not something that has been going on for a while and was just discovered.
You're currently viewing posts by Pinsider Wolfmarsh.
Click here to go back to viewing the entire thread.
Reply
Wanna join the discussion? Please sign in to reply to this topic.
Hey there! Welcome to Pinside!
Donate to PinsideGreat to see you're enjoying Pinside! Did you know Pinside is able to run without any 3rd-party banners or ads, thanks to the support from our visitors? Please consider a donation to Pinside and get anext to your username to show for it! Or better yet, subscribe to Pinside+!
