Newsletters
Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home CRM Systems Customer Service Contact Centers Business Intelligence More Topics...
Data Security
DDoS Protection Powered By Verisign
Average Rating:
Rate this article:  
What Global Payments Did Right in the Security Breach

What Global Payments Did Right in the Security Breach
By Jennifer LeClaire

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

Global Payments spotted the breach on its own, which security analyst Geoff Webb said would imply that the credit card processor has both monitoring tools in place and policies that enable it to use the information gathered and to respond appropriately to a breach. Webb said this self-detection actually speaks well of Global Payments' security.
 


Visa has nixed Global Payments from its credit card processing provider list after the firm reported that 1.5 million credit card files were compromised in a security breach -- at least for now. Global Payments has yet to reveal the root of the breach.

We caught up with Neil Roiter, research director at Corero Network Security, to get his take on the ongoing saga even as Global Payments remains tight-lipped about the open door. So far, Global Payments has stated only that the attack was "contained" and confirmed that about 1.5 million records were compromised.

"Global Payments was clearly vulnerable, and other processing companies likely are as well," Roiter said. "They all need to review continuously the security policies, practices and technology controls they have in place, including but not limited to encryption, access controls and authentication."

A Self-Detected Breach

Geoff Webb, director at Credant Technologies, told us he considered it interesting that the security breach was self-detected. That's because in the majority of breaches, the actual breached party finds out from a third party.

In this case Global Payments spotted the breach on its own, which Webb said would imply that the credit card processor has both monitoring tools in place and policies that enable it to use the information gathered and to respond appropriately. While Global Payments is getting plenty of criticism, Webb said this self-detection actually speaks well of the firm's security preparedness.

"Only a small number of servers were breached -- and it would seem these were used to handle North American card transactions, hence the limit of the breach to North American cards. This is not unusual," Webb said.

"Attackers will identify servers with weaknesses -- such as being left with default vendor-supplied service accounts -- and use those to gain access to the network. They will then watch for, and copy, unencrypted card information as it moves across the processors network. They'll often use some customer-designed software to do this, as we've seen before in other breaches."

What Global Payments Did Right

Global Payments went to the federal authorities early, within hours of the breach being detected. For this the credit card processor is being recognized in a positive light. Any organization breached in this way needs to move quickly to contact the federal government, Webb said, and then they should wait for guidance.

"The worst thing they could do is to shut down their systems and, as a result, warn the thieves that the breach has been spotted -- who then immediately begin to cover their tracks," Webb said. "Far better to allow the investigators an opportunity to look at the breached systems and gather as much information as possible -- huge amounts of forensic data can be lost by shutting down a breached system in a panicked response to identifying a breach."
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Data Security
1.   UPS Stores Hit by Data Breach
2.   9 Norton Security Products Are Now 1
3.   Data Stolen from U.S. Health Network
4.   FBI Cybersquad To Add Agents
5.   Police: Be Careful What You Tweet


advertisement
UPS Stores Hit by Data Breach
Biz must adopt better security measures.
Average Rating:
Data Stolen from U.S. Health Network
Chinese hackers targeted hospital firm.
Average Rating:
9 Norton Security Products Are Now 1
Symantec takes software-as-service tack.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
UPS Stores in 24 States Hit by Data Breach
Big Brown has been breached. UPS said that about 105,000 customer transactions at 51 of its UPS Store locations in 24 states could have been compromised between January and August.
 
Cost of Target Data Breach: $148 Million Plus Loss of Trust
The now infamous Target data breach is still costing the company -- and its shareholders -- plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 

Enterprise Hardware Spotlight
Acer's New Desktop Box Rides the Chrome OS Wave
Filling out its Chrome OS line, Acer is following the introduction of a larger Chromebook line earlier this month with a new tiny $180 desktop Chromebox and also a smaller Chromebook.
 
Three New Lenovo PCs Aimed at Business Users
Businesses everywhere want computing solutions that do more for less money, and Lenovo has unveiled three new desktop PCs that offer solid computing at a budget-minded price.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 

Mobile Technology Spotlight
Samsung, B&N Target Amazon with Nook Tablet
They've seen the enemy and it is Amazon. So Samsung and Barnes & Noble are teaming up to combat their common foe with a 7-inch tablet that blends Samsung’s tech, Nook’s content and e-reader platform.
 
Acer's New Desktop Box Rides the Chrome OS Wave
Filling out its Chrome OS line, Acer is following the introduction of a larger Chromebook line earlier this month with a new tiny $180 desktop Chromebox and also a smaller Chromebook.
 
Apple Stock Soars Ahead of iPhone 6 Launch
The imminent release of the iPhone 6 -- and maybe even an iWatch -- has sent Apple's stock soaring to new heights. Considering what else the firm could have up its sleeve -- the stratosphere may be the limit.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Contact Centers | Business Intelligence | Sales & Marketing | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.