Hannaford, the large grocery chain based in Maine (where we often shop), had 4,200,000 credit card numbers intercepted as they were being transmitted last month from store point-of-sale systems to their payments systems. The credit and debit numbers were intercepted and then transmitted in batches to a location overseas.
Hannaford claims to be PCI (Payment Card security standard) compliant, although that has not been independently validated. For sure, PCI is critically important and goes a long way to protect card details, but to ensure protection of transit and payment systems, where hackers apparently are now focusing, you have to go beyond PCI! To Hannaford's credit, they are now doing just that!
I was with a number of large banks at a financial security conference in Milan, Italy this month to study this issue. Our Tivoli architects have teamed with IBM ISS (internet security) to cover the 12 major areas of PCI compliance. More importantly, we have products that go beyond PCI to provide more holistic protection. We are also developing this capability with companies such as ACI that provide banking applications.
After all, a supermarket 'chain' is only as strong as its weakest link, and it only takes one unmonitored port, for example, to destroy the credibility and trust of an enterprise.