|
|
|
|
ATM Group Renews Security Push |
|
|
|
The ATM Industry Association’s
Debit Council says it is renewing its push for better security best
practices at POS terminals, as criminals continue to compromise
cardholder information by targeting out-of-date or improperly
configured POS hardware and software.
According to Fair Isaac, more than
90 percent of card and PIN compromises in 2006 took place either inside
outdated POS terminals or through improperly configured POS software
coupled with poor key management practices.
“All parties in the electronic
payments value chain must be vigilant in the protection of our
customers’ data,” said Mike Urban, a member of the Debit Council and
Fair Isaac’s senior director of fraud solutions. “The compromise of
cardholder data is one of the biggest security risks retailers face.
States (in the United States) are moving forward with legislation
placing liability on merchants who are not appropriately safeguarding
cardholder information.”
An estimated 20 million POS devices
are installed worldwide. The automation of credit and debit card
transactions at the point of sale has been growing since the early
1980s.
In response to growing fraud trends,
ATMIA has published Best Practices for Protecting the Point of Sale
Lifecycle. According to ATMIA, the best-practices manual includes
collaboration from both the ATM and POS industries — and represents the
first time the two industries have worked together to produce security
best practices for the entire POS lifecycle. The lifecycle model
defines and addresses eight phases: cardholder security, compliance to
existing industry standards, secure deployment of devices, physical
security, PIN and encryption security, software security and security
during the final de-commissioning process.
“The beauty of the lifecycle model
is that it helps security practitioners to identify possible security vulnerabilities throughout the life of each POS device,” said Mike Lee,
ATMIA’s chief executive and founder of ATMIA’s Global ATM Security
Alliance.
This manual is intended for
retailers, POS processors, encryption service organizations, auditors,
and security personnel and managers who have responsibility for
securing POS installations and for meeting network and PCI requirements.
ATMIA expects to host a Debit Council meeting during its ATM Security in the Americas 2007 conference, which runs from Sept. 11 through Sept. 13, in Las Vegas.
|
|
|
ETA Members Only |
Login here to access your member information, membership status and member-only content.
|
|
Upcoming Events |
|
Compliance Day April 13, 2010 Mandalay Bay Resort & Casino Las Vegas, NV
Investment Community Forum April 13, 2010 Mandalay Bay Resort & Casino Las Vegas, NV Prepaid Day
April 13, 2010 Mandalay Bay Resort & Casino Las Vegas, NV 2010 ETA Annual
Meeting & Expo
April 13-15, 2010 Mandalay Bay Resort & Casino Las Vegas, NV Strategic Leadership Forum: The Future of Payments, Today October 26-28, 2010 The Breakers Palm Beach, FL |
|
|
Tel: 202.828.2635
