More on the Hannaford Breach

A story released yesterday in the Boston Globe, and confirmed by Hannaford Bros., reported that the source of the Hannaford data breach was malicious software that had been installed on their servers. While this malware was happily transmitting transaction information to the bad guys, Hannaford was certified as being PCI compliant. This isn’t good news for anyone.

We can only speculate on the impact on the payment processing industry, but rest assured that changes will happen – probably sooner rather than later. It’s a pretty established rule of security that nothing is foolproof, but I doubt that anyone expected this. Somehow, the bad guys got through firewalls, encryption, and all the other safeguards that Hannaford had in place.

What does this mean to E-commerce merchants?

If there was an ongoing breach of data during a period of compliance, then PCI is going to change. The moment it does, all compliant merchants will cease to be compliant, and they will scramble. It will get even more expensive than it already is.

About Tom Mahoney

Tom Mahoney is the Founder and Director of Merchant911, a site dedicated to helping e-commerce merchants.