How do you perform on a test that checks if you can leak sensitive information such as credit card numbers?
How are we testing?
This test checks if a set of numbers that match the format of valid credit card numbers can be sent out over your network. Your network security infrastructure should easily identify these numbers as credit cards and apply a block to them.
Why is this test important?
For organizations requiring PCI compliance, credit card data must be protected. Credit card numbers are often the target of criminals who use them to commit theft and fraud. When a breach of credit card information occurs, it can expose your organization to negative press attention, federal enforcement actions, lawsuits from customers whose information was compromised, and other legal actions. You may also be assessed sizable penalties if you fail to comply with the numerous, and sometimes contradictory, requirements of various regional laws governing data breaches. Costs incurred include the provision of fraud monitoring for 1 year or more and remediation services to consumers affected.
How Frequently Do Data Breaches Occur?
Data breach incidents doubled to more than 1,400 annually over the 5-year period 2009-13, with a data breach in the US costing $188 per customer record in 2013. Recently, Home Depot, Target and the State of South Carolina revealed massive data breaches compromising the credit card numbers of millions of customers.
In Home Depot's case, the breach has triggered government investigations, possible fines and a review by ratings agencies.
In the News:
18 Jul 2017
Data leaks at Dow Jones, Verizon, and a GOP analytics firm show that companies are forgoing security best practices in order to quickly make it to the cloud.
15 Jul 2017
And over the weekend, Wall Street Journal parent Dow Jones & Co. said the records of 2.2 million customers, which in some cases included names, addresses, account information and the last four digits of credit card numbers, were left exposed in an ...
04 Jul 2017
Troy Hunt, the security researcher behind the haveibeenpwned website, warned that the leak contained partial payment details (the last four figures of credit card numbers) as well as names and other sensitive information. Expiry dates and the final ...