Avivah LitanI just got off the Global Payments call where they talked about their breach. Their breach seems to be very different than the one Visa issued an alert on. Information presented on the timing windows were different and not reconciled during the Global Payments call (Visa reported the exposure window was January 21, 2012 – February 25, 2012, and Global Payments only reported they self-detected the breach early March), the data that may have been stolen was different (Visa reported Track 1 and 2; Global Payment reported only Track 2), and the reports on fraud (Global Payments said they had not heard about fraud on the stolen cards) are different.
Sounds like there’s a lot more going on out there than the payment industry and law enforcement have nailed down and are prepared to talk about.
In the meantime, Global Payments who was PCI compliant at the time of their breach is no longer PCI compliant – and was delisted by Visa – yet they continue to process payments.
What’s the takeaway on PCI? The same one that’s been around for years. Passing a PCI compliance audit does not mean your systems are secure. Focus on security and not on passing the audit.
Category: Uncategorized Tags:
13 responses so far ↓
1 Visa Dumps Global Payments Following Credit Card Data Breach - Fundamental Technology Partners Inc. April 2, 2012 at 1:56 pm
[...] MasterCard reported, and what Global Payments said, according to Gartner analyst Avivah Litan. In a blog post April 2, she noted that the credit card companies said that Track 1 data—including cardholder names and [...]
2 Global Payments Reveals More Details About Security Breach, Loses Visa's Seal-of-Approval | Technology News, Computer Security - Hyphenet Blog April 2, 2012 at 4:17 pm
[...] none of those details match those of the Global Payments hack, which has opened up the discussion over whether or not the Global Payments breach was simply one of [...]
3 Visa Dumps Global Payments Following Credit Card Data Breach » Techno Capital April 2, 2012 at 9:36 pm
[...] MasterCard reported, and what Global Payments said, according to Gartner analyst Avivah Litan. In a blog post April 2, she noted that the credit card companies said that Track 1 data—including cardholder names and [...]
4 Noise Filter: Global Payments Credit Card Breach May Illustrate PCI DSS Weakness - Cheap Hosting Companies Reviews April 3, 2012 at 1:12 am
[...] Monday’s conference call, Avivah Litan of Gartner says in a blog post that there are several details that do not line up. For example, though Visa reported that the exposure window was between January 21, 2012 and [...]
5 Anton Chuvakin April 4, 2012 at 1:57 pm
\Global Payments who was PCI compliant at the time of their breach\
How do you know? Do you know who assessed them while they were being hacked?
6 Visa Qualified Investigator on Global Payments Breach : Security Heavy April 6, 2012 at 2:12 pm
[...] Avivah Litan – Gartner [...]
7 Credit card data breach effects reach Iowa | i Credit Advice - Credit and debt Card advice and tips April 7, 2012 at 2:41 am
[...] fraud has already happened. It is difficult to pinpoint the amount, since card fraud has become a near-constant reality for financial institutions of any [...]
8 Credit Card Approval Guide » Blog Archive » Credit card data breach effects reach Iowa April 7, 2012 at 2:07 pm
[...] rascal has already happened. It is formidable to pinpoint a amount, given card rascal has turn a near-constant reality for financial institutions of any [...]
9 Ulf Mattsson April 8, 2012 at 10:33 am
Is Trustwave the QSA?
Did Amazon host the system?
Did Accenture recommend the security solution for CHD?
10 Jeff Ogden April 9, 2012 at 2:57 pm
Good post, Aviviah. It’s interesting how firms spin the news to put themselves in the best possible light. It also interesting that Global Payments was compliant but not secure.
This will be an interesting case to watch as the facts continue to emerge.
Good point on focusing on security rather than compliance too.
Jeff Ogden
11 Credit card data breach reaches Iowa | i Credit Advice - Credit and debt Card advice and tips April 9, 2012 at 8:43 pm
[...] fraud has already happened. It is difficult to pinpoint the amount, since card fraud has become a near-constant reality for financial institutions of any [...]
12 Credit card data breach reaches Iowa April 9, 2012 at 9:06 pm
[...] hard tο pinpoint thе amount, ѕіnсе card fraud hаѕ become a near-constant reality fοr financial institutions οf аnу [...]
13 Credit Card Approval Guide » Blog Archive » Credit card data breach reaches Iowa April 10, 2012 at 2:14 am
[...] rascal has already happened. It is formidable to pinpoint a amount, given card rascal has turn a near-constant reality for financial institutions of any [...]