The PCI Council is pushing a new training program designed to enhance point-of-sale security in light of recent data breaches that have occurred throughout the country, such as with Michaels, Subway restaurants and Penn Station in New York City.
From a Bank Info Security article:
“The program was created specifically in response to incidents we see when a breach occurs after one of these guys does a poor job of installing the systems,” PCI Council chair Bob Russo says. “Integrators and resellers really play a key role. So we’re trying to fill the gaps.”
Russo says most of these types of attacks can be traced back to remote-access portals that were either left open or were inadequately secured. While the new program is meant to educate merchants and those companies that install POS systems, Russo believes the card issuers should pay attention to these efforts as a breach affects them as well.
Despite this new initiative, the Council is not without detractors the past few years, especially recently because of the aforementioned breaches. Some POS device makers have called the Council’s protocols ineffective. Company executives have publicly stated authentication should be the primary focus at the point-of-sale, which the PIN-debit networks also stand behind.
Click here to read more from Bank Info Security.