The Green Sheet Online Edition
May 5, 2007 • 07:05:02
Visa identifies apps storing sensitive data
Visa U.S.A. wants merchants and service providers to stop using payment applications that store sensitive cardholder data, a practice that makes them targets for data breaches. To get the word out, the card Association published a list of those applications, as well as upgrades for preventing data retention.
In April, Visa identified applications from six vendors needing attention: ICVerify Inc., Menusoft Systems Corp., Micros Systems Inc., Posera Software, Radiant Systems Inc. and Southern DataComm Inc.
The products are considered risky because they store prohibited cardholder data - such as full magnetic stripe (tracks 1 and 2), CVV2 (card verification value) and PIN data - after a transaction authorization occurs.
Visa said unscrupulous hackers will seek out such systems and exploit vulnerabilities to access the data.
Noncompliant payment applications are "an unacceptable risk to ... the entire payment system," Visa stated. "When driving merchants toward payment applications, agents should ensure the application has been validated against Visa's PABP [Payment Application Best Practices]."
The PABP, released in 2005, is a set of requirements for developing secure products that support compliance with the Payment Card Industry Data Security Standard and do not store prohibited data.
Visa advised merchants and service providers using any of the applications listed to install a vendor-supplied patch or to upgrade to a Visa-approved application (a list is posted at www.visa.com/cisp).
The card Association also warned that merchants should wipe "from all systems immediately" any stored full track data.
Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
