Data breaches in the US soared in the first quarter of 2008, reaching 167 compared with 76 in the first quarter of 2007, according to non-profit organisation The Identity Theft Resource Center. However, while some incidents were no doubt attributable to slack security, this did not apparently hold true for one of the most high-profile breaches so far this year, that of Hannaford Bros, a grocery chain operating 150 stores in New York state and the six New England states.

The Hannaford incident involved the theft of payment card details of 4.2 million customers between 7 December 2007 and 10 March 2008. “At the time of the breach Hannaford’s was certified to be in compliance with the highest security standards required by the credit card industry,” stressed the retailer’s president and CEO Ronald C Hodge.

Hodge was referring to the Payment Card Industry Data Security Standard (PCI-DSS), which all merchants accepting credit cards are required to comply with or face heavy financial penalties. According to security technology developer Solidcore Systems, attaining the highest level of compliance requires merchants and service providers to address about 180 individual PCI-DSS requirements in 12 categories.

The Hannaford data breach is likely to harm what appear to be already shaky confidence levels in PCI-DSS implementations among IT professionals. Notably, in a recent survey of 173 IT professionals responsible for PCI-DSS compliance, conducted jointly by Solidcore and technology security service specialists Fortrex Technologies and Emagined Security, only 6 percent said they were “completely confident” they would not experience a data breach following a successful PCI-DSS compliance assessment.

That is a low level of confidence indeed in a compliance requirement that, according to Solidcore, will have cost a Level 1 merchant (one processing six million credit card transactions or more annually) up to $10 million to implement and up to $8 million annually to maintain. A Level 1 merchant must submit an annual report on compliance validated by an approved qualified security assessor. Multiple assessments can also be required during the year.