221622 Resource 202618 202768 202768 1230077120205 1230095055648 Controlled PCI Compliance Does Not Equal Security Growing number of firms report hacker attacks after adhering to PCI Compliance regulations <p>An article about the <a title="Top 10 Security Breaches of 2008" href="http://www.bankinfosecurity.com/articles.php?art_id=1120&opg=1" target="_blank"><strong><u>top 10 security breaches of 2008</u></strong></a>, cited that 2 out of the 10 breaches were done to companies who were in compliance with PCI regulations.&nbsp; </p><p>Both Maine-based <strong>Hannaford Brothers grocery store chain </strong>and ski resort <strong>Okemo</strong> were hit by hackers that installed malicious software on their Websites to capture credit card data.&nbsp; And at the time of both attacks, the companies were PCI compliant.&nbsp; These firms now share company with the likes of&nbsp;Forever 21 &ndash; a retail clothing company &ndash; that was <a href="http://linuxinsider.com/story/security/64926.html"><strong><u>victim to a similar attack</u></strong></a> back in October. </p><p>I liked how the author summarized PCI compliance:&nbsp; </p><blockquote dir="ltr" style="MARGIN-RIGHT: 0px"><p><strong>Lesson Learned:</strong>&nbsp; PCI compliance is like a driver's license -- it may mean that a retailer has passed the test for compliance, but doesn't necessarily mean it is in compliance. </p></blockquote><p>At the risk of sounding redundant, we will stress again, that companies must do more that just attain PCI compliance.&nbsp; They must constantly test and re-test their Websites for the latest vulnerability threats, as 400 new ones emerge every month.</p><p>by<br /><strong>Erin Swanson<br /></strong><a href="mailto:Eswanson@cenzic.com"><strong><u>Eswanson@cenzic.com</u></strong></a></p> 9 application/xml false pci compliance Top 10 Security Breaches of 2008 Ghost of Christmas Past (TJX) Still Casts Specter on Present and Future http://www.bankinfosecurity.com/articles.php?art_id=1120&opg=1 Why Do Bad Things Happen to PCI-Compliant Companies? PCI DSS compliance does not equal security http://linuxinsider.com/story/security/64926.html PCI compliance is like a driver's license - it may mean that a retailer has passed the test for compliance, but doesn't necessarily mean it's in compliance. Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 127.0.0.1 127.0.0.1 eswanson 64.60.123.45 false true false false true 204329 false false true false false false true 202618 blog blogsite/Cenzic/web