1. Storage of mag stripe data - The most common
cause of data breaches occurs when a merchant or service provider stores
sensitive information encoded on the card's mag stripe in violation of
PCI. This can happen because a number of POS systems improperly store
this data, and the merchant may not be aware of it.
2. Missing or outdated security patches - In
this scenario, hackers are able to penetrate merchants' or service
providers' systems because they have not installed up-to-date security
patches, leaving their systems vulnerable to intrusion.
3. Use of vendor supplied default settings and
passwords - In many cases, merchants receive POS hardware or software
from outside vendors, which install them using default settings and
passwords that are often widely known to hackers and easy to guess.
4. SQL injection - Criminals use this technique
to exploit Web-based applications for coding vulnerabilities and to
attack a merchant's Internet applications (e.g. shopping carts).
5. Unnecessary and vulnerable services on
servers - Vendors often ship servers with unnecessary services and
applications enabled, although the user may not be aware of it. Because
the services may not be required, security patches and upgrades may be
ignored and the merchant system exposed to attack.
