[ISN] Retailers warned to act now to protect against Backoff malware

http://www.computerworld.com/article/2599724/data-security/retailers-warned-to-act-now-to-protect-against-backoff-malware.html By Jaikumar Vijayan Computerworld Aug 27, 2014 The Payment Card Industry Security Standards Council on Wednesday issued a bulletin urging retailers to immediately review their security controls to ensure point-of-sale systems are protected against “Backoff,” a malware tool that was used in the massive data theft at retailer Target last year. The bulletin instructed all covered entities to update their antivirus suites and to change default and staff passwords controlling access to key payment systems and applications. The council, which is responsible for administering the PCI security standard, also urged merchants to inspect system logs for strange or unexplained activity, especially those involving transfers of large data sets to unknown locations. “The PCI Council additionally recommends that merchants consider implementing PCI-approved point-of-interaction (POI) devices” for encrypting credit and debit card data as the card is swiped or dipped into a payment terminal. Merchants should also consider deploying point-to-point encryption technologies to ensure that card data remains protected until received by a secure decryption facility, the advisory noted. […]