==>will make certain that payment applications do not store sensitive data, such as the information typically stored on the magnetic stripe on the back of credit and debit cards
That is not enough: that the data passes through the system is enough IF there is a RAT (spy trojan) running in the processor at either the POS or bank end of the link.
Having unauthorized software in either computer renders any security effort meaningless: even sending the PIN in an authorizing message over a separate link such as a cell phone text message.
To get security we MUST defeat unauthorized programming by a SHUT OUT.
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/724/2451#2451