PCI London Reveals UK Businesses Determined to Avoid a Repeat of Recent Credit Card Data Breaches
LONDON, Jan. 27, 2014 /PRNewswire/ — Since December 2013, a series of data breaches resulting in the loss of over 100 million credit card numbers were reported to occur at some of the largest retailers in the U.S.
Industry reports have confirmed the use of commercial malware known as Black POS in at least one of the attacks. The Black POS malware can be purchased on the black market for $1,800 USD and works by scraping sensitive credit card and other information from the memory of a retail POS checkout system.
Subsequently, the bi-annual PCI London forum was held last week with more than 400 stakeholders from prominent U.K. organisations discussing the subject of credit card data security. This record attendance of IT security and payment professionals participated in a series of presentations and workshops on the recent improvements to the Payment Card Industry Data Security Standard (PCI DSS), which is designed to help organisations avoid a data breach involving credit card data.
Ground Labs, one of the sponsors of the event, presented on the Black POS Malware and explained how it was used to steal cardholder data from retail POS systems. “The recent data breaches across the U.S. remind us just how easy it is for criminals to steal credit card data from companies of any size,” explains Mohamed Zouine, EMEA Director of Corporate Development for Ground Labs. “It is encouraging to witness the largest credit card processing businesses from across U.K. making data security a high priority.”
Ground Labs demonstrated throughout the day how a process called cardholder data discovery is being used by organisations to analyse the contents of workstations and servers including memory storage on retail POS systems to verify no credit card details are stored without encryption. The concept follows a fundamental rule within the new PCI standard, PCI DSS 3.0 which requires organisations to first understand what credit card data is being stored, remove any data that is not required and then take action to secure the remaining data.
Organisations in attendance at PCI London included Visa Europe, Worldpay, New Look Group, Waterstones and other leading U.K. companies that made data security a high priority. A full debrief on the PCI London event including information on the July 2014 event is available at www.groundlabs.com/blog/.
About Ground Labs
Ground Labs is a global leader in the development of cardholder data discovery software for the payment card industry. Its flagship products, Card Recon and Enterprise Recon, identify data storage risks on thousands of computer systems worldwide, helping companies prevent security breaches that result in the theft of customers’ credit and debit card numbers. For more information on data loss prevention and product demos, visit www.groundlabs.com.
For more information, please contact:
SOURCE Ground Labs Pte Ltd