Don’t Let the Grinch Steal Your Payment Card Data this Holiday Season!

Jannine Mahone | November 16, 2018
It’s a minute before midnight and all through the SOC, responders and engineers try to systems unlock. The ransomware was the dreaded WannaCry. Should they pay the ransom, so they can get by?
Retail organizations are increasingly being attacked by ransomware, and even with mandated compliance standards, these organizations are falling short. The 2018 Verizon Payment Security Report showed that full PCI DSS compliance in the area of “Protect against malicious software” fell from “92.1% in 2016 to 87.7%, a drop of 4.4 percentage points.”1 The retail sector showed the highest gap in this PCI control compared to all other industries in the report. Even more disturbing, almost half (47.5%) of the organizations Verizon assessed during interim PCI DSS compliance validation did not maintain all DSS controls.1 Can this poor control create opportunities for Grinches to steal payment card data this holiday season?
Kiplinger predicts that e-commerce will “have yet another banner year, growing by 15%, while in-store sales should do all right at 3.6%, their best showing since 2014.”2 With increased transactions come increased opportunities for payment card information to be exfiltrated. Public breaches of payment card information globally are resulting in large fines. Companies even face class action lawsuits, as is the case with British Airways.3 Ultimately, breaches result in long-term loss of revenue. Seven in 10 consumers say that they would consider leaving a retail business if it were hit by a ransomware attack.4 What can retail organizations do to protect credit card information? Here are five steps:
While these five steps are not all-encompassing, applying basic security such as described above and defined in PCI DSS 3.2 has been proven to reduce cardholder data breaches, making the holiday season brighter for everyone! For more information, download the Forescout Compliance Guide to learn how to address PCI DSS 3.2 controls.
1 Verizon Payment Card Industry Report: http://www.verizonenterprise.com/verizon-insights-lab/payment-security/2018/
2 Kiplinger Spending Forecast: https://www.kiplinger.com/article/business/T019-C000-S010-retail-sales-consumer-spending-forecast.html
3 British Airways faced with class action lawsuit: https://www.bankinfosecurity.com/british-airways-faces-class-action-lawsuit-over-data-breach-a-11478
4 Carbon Black Ransom Aware Survey: https://www.carbonblack.com/wp-content/uploads/2017/05/Carbon_Black_Ransom_Aware_Survey_Report.pdf