TulipTools Internet Business Owners and Online Sellers Community

Top 5 Website Data Security Vulnerabilities
Quote: The protection of cardholder account information is a responsibility that is shared by all participants in the Visa payment system. Visa is committed to providing educational information to members about potential vulnerabilities as they are identified. To promote compliance with the Cardholder Information Security Program (CISP) and the Payment Card Industry Data Security Standard (PCI DSS), Visa has identified the top five vulnerabilities detected in compromises...

1. Storage of Track Data (and other sensitive data)...

2. Missing or Outdated Security Patches
Hackers are constantly attempting to exploit known software vulnerabilities, as well as uncover unknown deficiencies in commercially available software products. Product vendors respond with frequent remediation measures in the form of software updates or patches. As specified in PCI DSS Requirement 6.1, it is imperative that all software updates or patches be applied as soon as possible to minimize the risk of compromise.
Risk Impact:
An improperly patched system offers an attacker a convenient method to exploit known vulnerabilities with minimal effort. Automated tools are constantly being developed by attackers to locate vulnerable systems. Moreover, a single exploitation of such a security gap can lead to the compromise of the merchant’s payment system infrastructure and result in a large-scale loss of data.
Risk Mitigation Strategy:
The timely application of security patches is key to managing this vulnerability...

3. Vendor-Supplied Default Settings and Passwords...
4. SQL Injection...
5. Unnecessary and Vulnerable Services on Servers...

full guide: http://www.uschamber.com/NR/rdonlyres/ey..._alert.pdf