Malware - PCI Security Standards Council

Protecting Your Customer’s Payment Card Data from Malware

Recent headlines announcing organizations falling victim to payment card breaches are alarming for business owners. The Payment Card Industry Security Standards Council (PCI SSC) shares steps to take to ensure your organization has the proper security controls in place to prevent a breach caused by malware.
Hackers often target low hanging fruit:
• Weak or default passwords
• Outdated anti-virus software
• Unencrypted data
• Access via 3rd party vendors with weak security controls
What businesses are at risk?
• SMBs to Fortune 100 companies: hackers don’t discriminate
• No organization is immune from attack

What information is at risk?
Names, mailing addresses, credit/debit card numbers, expiry dates, phone numbers and e-mail addresses.
Once a hacker finds a vulnerability, malware is installed and can travel to networked systems.
Electronic cash registers and similar point-of-sale systems are targets.
Malware can disguise itself using well-known and trusted names.
Once malware is installed, criminals can do any one of the following:
• Sell the information on a black market
• Use the information for online purchases
• Create clone cards for use in brick and mortar stores
Effect on businesses:
• Loss of consumer confidence
• Damage to brand image
• Loss of sales

Effect on customers:
• Fraudulent charges
• Inconvenience
• Damage to credit score
Organizations need to develop a layered approach to security: PEOPLE, PROCESS and TECHNOLOGY.

Vigilance is critical. Businesses must shift their perception of security from: A MOMENT IN TIME SNAPSHOT to BUSINESS AS USUAL.
Here’s what you can do right now:
✓ Use the latest anti-virus software and keep patches up to date
✓ Review system logs manually or use an automatic tool to check for suspicious activity
✓ Update all default and staff passwords with secure passwords
✓ Confirm that all third party vendors are properly implementing and maintaining security controls outlined in the PCI Data Security Standard (PCI DSS)
✓ Consider implementing a:
• PCI-approved point-of-interaction (POI) device with SRED functionality
• PCI-approved point-to-point encryption (P2PE) solution

Don’t Delay, Take Action Against Malware Today!
www.pcisecuritystandards.org | @PCISSC