MasterCard halts remote POS security upgrades

Google Translate from English into Chinese (Simplified)

Google Translate from English into French

Google Translate from English into German

Google Translate from English into Italian

Google Translate from English into Japanese

Google Translate from English into Portuguese

Google Translate from English into Russian

Google Translate from English into Spanish

Testing and reviews
- Shareware
- Freeware

Search for software:

DISCLAIMER: Logging other people's keystrokes or breaking into other people's computer without their permission can be considered illegal by the courts of many countries. The monitoring software reviewed here is ONLY for authorized system administrators and/or owners of computers. We assume no liability and are not responsible for any misuse or damage caused by the keylogging software. The end user of this software is obliged to obey all applicable local, state, federal and other laws in his country of residence.

July 09th, 2009

MasterCard halts remote POS security upgrades

In a purported second major security change in recent weeks, MasterCard has decided to disallow merchants' use of remote key injection (RKI) services to install new encryption keys on point-of-sale (POS) systems, says a Gartner analyst.

Such a decision would mean that merchants hoping to upgrade the encryption on their POS terminals in an automated fashion over their networks wwould instead need to continue doing it manually and one terminal at a time in a secure off-site facility.

MasterCard's decision would also raise questions about the considerable investments made by payment systems vendors in developing remote key injection (RKI) capabilities over the past few years.

"Nobody understands the rationale for this," Gartner analyst Avivah Litan said, adding that she was informed recently of the development by two major retailers.

MasterCard did not respond to multple requests for comment and would neither confirm nor deny Litan's finding.

"This really [has thrown] a wrench in people's plans," Litan said. Merchants were counting on remote key injection for quickly upgrading their terminals to Triple Data Encryption Algorithm standards (TDES) as required under the Payment Card Industry Data Security Standard (PCI), she said. "POS vendors were all about to release this capability after spending lots of R&D and engineering money making it happen."

RKI technologies and services are designed to make the process of upgrading data encryption keys on POS terminals quicker and cheaper than current manual methods because keys can be distributed to multiple POS systems directly over secure network connections and the Internet.

The approach is believed to be faster and cheaper than current processes, which typically require each terminal to be removed from its usual location and taken to a secure room at an Encrypting Service Organization, where the key is installed manually by specialists.

The process can be especially cumbersome and time-consuming in situations where a company might have thousands of POS terminals which need to be upgraded at the same time.

Though it is still a relatively new capability, vendors such as Hypercom and Futurex have begun offering RKI services.

MasterCard's move, if confirmed, is "quite interesting," said Jim Huguelet, an independent PCI analyst. "Although not widespread, there is growing interest by merchants in RKI technologies that reduce the cost of ownership associated with periodic encryption key replacement," he said.

MasterCard's purported surprise decision comes at a time when merchants are under a deadline to migrate all of their point of sale terminals from DES to Triple DES by July 2010.

The deadline is part of a PCI requirement aimed at getting merchants to implement stronger encryption at retail locations. Amove by MasterCard to disallow RKI would make it all but certain that many organizations would miss that deadline by a wide margin, Litan said.

The move would mark a second major change MasterCard has made on security. On June 15, the company sent out an advisory to acquiring banks and payment processors stating that all Level 2 merchants -- or those processing between 1 million and 6 million payment cards annually -- would be required to undergo annual security audits by third-party assessors.

Previously, such merchants were only required to submit self-assessment questionnaire attesting to their compliance with PCI standards.

Source: ComputerWorld

	All news for September 18th, 2009:
	20:13	Microsoft Internet Explorer SSL security hole lingers
	20:11	Conservatives call for DNA databases to be reduced
	20:09	McAfee warns of bogus security suite
	20:08	Security market remains buoyant in choppy waters
	20:07	The good and bad of government in the cloud
	20:05	Vista, Windows 7 Are More Secure than Snow Leopard
	20:04	Will Google's Buy of reCAPTCHA Hurt Internet Security?
	20:01	HHS guts health-care breach notification law, groups warn
	20:00	Man gets 15 months for E-Trade skimming scam
	19:59	Sophisticated botnet causing a surge in click fraud
	19:59	Microsoft sues scareware scammers
	19:58	Software company fined for trading with the enemy
	19:58	Misdirected spyware infects Ohio hospital
	19:57	Firefox's Flash check drives 10M to Adobe's download
	19:55	Microsoft, Yahoo in informal talks with EU over search deal
	All news for September 17th, 2009:
	19:59	Wireless Intrusion Detection and Prevention Systems: Selection Criteria
	19:58	How to Compare and Use Wireless Intrusion Detection and Prevention Systems
	19:54	Social Networking a Tool for More Secure ID Management?
	19:52	1.8 million UK postcodes available online
	19:51	Batman 'glide' disabled in anti-piracy measure
	19:47	Study: eBay, Yahoo among most trusted companies
	19:45	One in eight Brits hit by identity theft
	19:44	Attack E-mails Use Fake Shipping Confirmation Ruse
	19:44	An Amazing Laptop Recovery Story
	19:41	Has Conroy's dept received filter report?
	19:39	Will security concerns darken Google's government cloud?
	19:35	New phishing attack chats up victims
	19:34	Report: Skype founders sue Skype
	19:34	Google buys reCAPTCHA to boost book scanning efforts
	19:33	Microsoft offers tools for secure application development

All news for September, 2009
All news for 2009 year
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year

DONATION: www.Anti-Keylogger.Org and www.Keylogger.Org is an independent research projects supported by a team of enthusiasts. If you find this project useful and would like to help foster its continued development, please consider making a donation.

Thanks in advance for your support!


	January 05th, 2010 New version of The Best Keylogger added! more


	September 18th, 2009 Microsoft Internet Explorer SSL security hole lingers more Conservatives call for DNA databases to be reduced more McAfee warns of bogus security suite more Security market remains buoyant in choppy waters more The good and bad of government in the cloud more Vista, Windows 7 Are More Secure than Snow Leopard more Will Google's Buy of reCAPTCHA Hurt Internet Security? more HHS guts health-care breach notification law, groups warn more Man gets 15 months for E-Trade skimming scam more Sophisticated botnet causing a surge in click fraud more Microsoft sues scareware scammers more Software company fined for trading with the enemy more Misdirected spyware infects Ohio hospital more Firefox's Flash check drives 10M to Adobe's download more Microsoft, Yahoo in informal talks with EU over search deal more


We are planning to redesign our site. We would like You to express your opinion in this respect. Would you like to leave the site as it is? What changes would you like to suggest?
	Yes, I like the site as it is.
	It's ok, but some changes are necessary.
	It should be changed completely.

Top

Top