Showing posts with label pci compliance. Show all posts

Friday, March 4, 2011

Wondering Why PCI Compliance Is a Big Deal?

Cyber criminals are targeting point-of-sale terminals. 
POS devices read the magnetic stripe on the back of a card that contains account information, which is then transmitted for payment processing.
POS systems that are connected to the Internet can fall prey to cyber attacks, and small businesses are particularly exposed. This is all according to Trustwave's Global Security Report 2011:


Although there are rules for security controls that developers should use for the devices, such as the Payment Application Data Security standard (PA-DSS), Trustwave said that "these controls are rarely implemented properly."
Further, many small businesses rely on third-party integrators to support the POS devices. But those integrators often have poor security practices. In 87 percent of the breach cases it studied, the integrators make mistakes such as using default credentials in operating systems or with remote access systems, Trustwave said.
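The integrator mistake Trustwave singles out, leaving vendor-default credentials on operating systems and remote-access tools, is the kind of thing a merchant can check for itself. The script below is an added example, not from the Trustwave report or this blog; it reads a constructed INI-style inventory of accounts (the hostnames, usernames and passwords are all made up) and flags the patterns behind most of those 87 percent of cases: a known vendor default, an empty password, a password equal to the username, or a very short password. The list of default pairs is illustrative and assumed, not taken from any product manual.

```python
import configparser

# Constructed sample: an inventory of a small merchant's remote-access and OS
# accounts, the kind of thing an integrator sets up and leaves behind. Not real.
SAMPLE_INVENTORY = """
[pos-terminal-1]
service = remote-desktop
username = posuser
password = posuser

[pos-terminal-2]
service = remote-desktop
username = posadmin
password = K9#tq2Lm!vR7

[back-office-db]
service = database
username = sa
password =

[router]
service = web-admin
username = admin
password = admin
"""

# Assumed, illustrative vendor-default pairs (lower-cased username, password).
KNOWN_DEFAULTS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("administrator", "administrator"),
    ("root", "root"),
    ("sa", ""),
}

MIN_PASSWORD_LENGTH = 8


def load_inventory(text: str) -> dict:
    """Parse the INI inventory into {host: {field: value}}."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def audit_credentials(inventory: dict) -> list:
    """Return sorted (host, finding) pairs for accounts that need attention."""
    findings = []
    for host, entry in inventory.items():
        user = entry.get("username", "")
        pw = entry.get("password", "")
        if (user.lower(), pw.lower()) in KNOWN_DEFAULTS:
            findings.append((host, "vendor-default credential"))
        elif pw == "":
            findings.append((host, "empty password"))
        elif pw.lower() == user.lower():
            findings.append((host, "password equals username"))
        elif len(pw) < MIN_PASSWORD_LENGTH:
            findings.append((host, "password shorter than %d characters" % MIN_PASSWORD_LENGTH))
    return sorted(findings)


def run_sample_audit() -> list:
    return audit_credentials(load_inventory(SAMPLE_INVENTORY))


if __name__ == "__main__":
    for host, finding in run_sample_audit():
        print("%-16s %s" % (host, finding))
```

Run against the constructed inventory it reports three of the four accounts; only the terminal with a unique, long password passes. In practice the inventory would come from the integrator's handover documentation or from a configuration export, and the default list from the vendor manuals for the equipment actually deployed.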

Thursday, April 8, 2010

Hacker of TJX gets 20 years

As mentioned previously, hacker Albert Gonzalez pleaded guilty, was convicted and was sentenced to 20 years in prison for his role in a variety of computer fraud involving TJX, Heartland Payment Systems, 7-Eleven and other corporations. How did he do it, you ask?

Using a SQL-injection attack, the hackers broke into the 7-Eleven network in August 2007, stealing an undetermined amount of card data. They used the same kind of attack to infiltrate Hannaford Brothers in November 2007, which resulted in 4.2 million stolen debit and credit card numbers; and into Heartland on Dec. 26, 2007. Of the two unnamed national retailers mentioned in the affidavit, one was breached on Oct. 23, 2007, and the other sometime around January 2008.


Once on the networks, the hackers installed back doors to provide them with continued access. They tested their malware against 20 different antivirus programs to make sure they wouldn’t be detected, and also programmed the malware to erase evidence from the hacked networks to avoid forensic detection.
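The SQL-injection entry point described above comes down to one coding habit: pasting user input into the text of a query. The following is an added example, not code from any of the breached companies or from this blog. It builds a throwaway in-memory SQLite table with made-up customer rows, then runs the same lookup two ways: the string-concatenation form that is injectable, and the parameterized form that sends the value to the database separately so it can never be interpreted as SQL. A tautology string is used only to show that the first form returns every row while the second returns none.

```python
import sqlite3

# Constructed sample data standing in for a merchant's customer table.
# No real account or card data is involved.
SAMPLE_ROWS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Deliberately injectable: the caller's string becomes part of the SQL text,
    # so quotes and operators in it change the meaning of the query.
    query = "SELECT username, email FROM customers WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    # Parameterized: the driver binds the value; it is compared as data only.
    query = "SELECT username, email FROM customers WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def compare_lookups() -> dict:
    """Run both lookups with a normal name and with a tautology string."""
    conn = build_db()
    tautology = "x' OR '1'='1"  # constructed test input, not a real attack string
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_tautology": lookup_vulnerable(conn, tautology),
        "safe_normal": lookup_safe(conn, "alice"),
        "safe_tautology": lookup_safe(conn, tautology),
    }


if __name__ == "__main__":
    for label, rows in compare_lookups().items():
        print("%-22s -> %d row(s)" % (label, len(rows)))
```

The point for a PCI-scoped application is that the safe form costs nothing extra: every mainstream database driver supports bound parameters, and using them everywhere removes this entire class of entry point. Detecting the vulnerable form is also mechanical, so it belongs in code review checklists and static analysis rather than being left to a post-breach forensic report.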