Comments on: Retail Data Breach Victim Rolls Back The Tech Clock http://www.storefrontbacktalk.com/securityfraud/retail-data-breach-victim-opts-to-roll-back-the-tech-clock/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Fri, 19 Mar 2010 23:24:36 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Michael Cherry http://www.storefrontbacktalk.com/securityfraud/retail-data-breach-victim-opts-to-roll-back-the-tech-clock/comment-page-1/#comment-64106 Michael Cherry Mon, 02 Nov 2009 12:46:03 +0000 http://www.storefrontbacktalk.com/?p=4081#comment-64106 Excellent article. The Retail IT Community (my community) got ahead of itself and new safer solutions are needed. My community did a better job when we designed wholesale banking and brokerage electronic funds transfer systems (EFTS). Michael Cherry Cherry Biometrics Inc. Excellent article. The Retail IT Community (my community) got ahead of itself and new safer solutions are needed. My community did a better job when we designed wholesale banking and brokerage electronic funds transfer systems (EFTS).

Michael Cherry
Cherry Biometrics Inc.

]]> By: Kiril Alexiev http://www.storefrontbacktalk.com/securityfraud/retail-data-breach-victim-opts-to-roll-back-the-tech-clock/comment-page-1/#comment-64067 Kiril Alexiev Mon, 26 Oct 2009 18:28:17 +0000 http://www.storefrontbacktalk.com/?p=4081#comment-64067 Merchant payment technologies have become very sophisticated and allow various networks or products to link seamlessly so that users can benefit from straight-through processing. But integration of various products and networks poses a unique problem: are these linkages done right and are there vulnerable points that are outside the security mechanisms of each component. PCI represents one attempt to standardize security procedures for payments but standardization cannot catch all weak points. Thus somethings rolling back in time can help merchants avoid what Cheers Liquor Mart experienced. A better solution would be to have IT security technician on staff and mandate annual security audits to look for ways to troubleshoot or improve the end to end security of an integrated system. Or said in other words: using a typewriter to avoid computer viruses on your word processing equipment is not a long term solution in the century of automation ... Merchant payment technologies have become very sophisticated and allow various networks or products to link seamlessly so that users can benefit from straight-through processing. But integration of various products and networks poses a unique problem: are these linkages done right and are there vulnerable points that are outside the security mechanisms of each component. PCI represents one attempt to standardize security procedures for payments but standardization cannot catch all weak points. Thus somethings rolling back in time can help merchants avoid what Cheers Liquor Mart experienced. A better solution would be to have IT security technician on staff and mandate annual security audits to look for ways to troubleshoot or improve the end to end security of an integrated system. Or said in other words: using a typewriter to avoid computer viruses on your word processing equipment is not a long term solution in the century of automation …

]]> By: Steve Sommers http://www.storefrontbacktalk.com/securityfraud/retail-data-breach-victim-opts-to-roll-back-the-tech-clock/comment-page-1/#comment-64061 Steve Sommers Thu, 22 Oct 2009 16:00:27 +0000 http://www.storefrontbacktalk.com/?p=4081#comment-64061 I question whether rolling back to dial up terminals is really more secure? Yes, it is a quick fix that will most likely close the current breach vector but it does bring back it own set of risks. I'm not aware of any dial up terminal that supports encrypting the data as it is sent to the modem. I’m also not aware of any processor "dial up" spec that supports encryption. While the card brands and PCI have added loopholes for unencrypted dial up traffic, there is a big grey area if the merchant uses a VoIP phone solution - in which case you might be introducing unencrypted traffic on a public network. I question whether rolling back to dial up terminals is really more secure? Yes, it is a quick fix that will most likely close the current breach vector but it does bring back it own set of risks. I’m not aware of any dial up terminal that supports encrypting the data as it is sent to the modem. I’m also not aware of any processor “dial up” spec that supports encryption. While the card brands and PCI have added loopholes for unencrypted dial up traffic, there is a big grey area if the merchant uses a VoIP phone solution – in which case you might be introducing unencrypted traffic on a public network.

]]> By: Chris http://www.storefrontbacktalk.com/securityfraud/retail-data-breach-victim-opts-to-roll-back-the-tech-clock/comment-page-1/#comment-64059 Chris Thu, 22 Oct 2009 06:32:24 +0000 http://www.storefrontbacktalk.com/?p=4081#comment-64059 I swear I'd do my best to initiate the comeback of the Carrier Pigeon if I knew it would do any better for network security :-) I swear I’d do my best to initiate the comeback of the Carrier Pigeon if I knew it would do any better for network security :-)

]]>