Home » CyberSecurity » ThreatIntel » Security Standards Council: New QIR Training

Security Standards Council: New QIR Training

The Security Standards Council (SSC), launched as a global forum in 2006 for establishing a security framework for the payment card industry (PCI), has launched a new training program. This program is aimed at integrators and re-sellers of validated payment applications, i.e., equipment and software used to drive the millions of global electronic transactions processes by merchants and banks every year. This includes Point-of-Sale (POS) systems, PIN transactions, scanning systems, ATM systems, middle-ware and other types of equipment used in the PCI.

SSC already provides a wide range of training programs for:

  • Qualified security assessors;
  • Payment application qualified security assessors;
  • Internal security assessors;
  • PCI forensic investigators; and
  • PCI point-to-point encryption.

This new one is an important link in the global security ecosystem that represents a proactive approach to a growing global problem.

According the Verizon’s 2012 Data Breach Investigations Report two categories of merchants made up almost 75% of the 855 data breaches investigated by the RISK consortium. They reported that, in 2011, 174 million electronic records were compromised.

Target industry groups for data breaches

Click on image to enlarge

As you can see, merchants using Point-of-Sale (POS) and eCommerce-based credit card processing technologies in the Accommodation and Food Services category made up 54% of the reported data breaches. Retail Trade made up another 20% of the breached data.

Another interesting graph from the report shows the origin of many of the exploits.

Origin of cybercrime attacks

Click on image to enlarge

Sixty-seven percent of the “external agents” exploiting companies around the world originate in Eastern Europe (including Turkey and Russia). Small- to medium-sized companies that do not have in-house expertise to implement secure systems are especially vulnerable. The criminal syndicates are now conducting “high-volume, low-risk attacks against weaker targets.”

 

Companies that operate in the payment card industry ecosystem should familiarize themselves with the new data and increasing risks that are posed in the process of financial transactions.