|
|
|
|
|
|
In environments where users browse to a 3rd party payment processor, they are still
required to key data in to the site to facilitate card payments. Although the user
does not store or process the card data, they are responsible for transmitting it.
It is possible that a keylogger (or equivalent) could be installed on their workstation
which is then used in turn to harvest card data.
Although the risk of such an attack might result in a smaller exposure than a database
of card data being compromised, it does still pose a level of risk to a merchant.
In January 2010 the PCI Security Council announced that they will give Virtual Terminal
access special consideration over the following months. Merchants can expect further
clarification around this topic throughout 2010 and 2011.
|
|
|
To find out more about how Nettitude can help you with your Compliance requirements,
please complete our contact form,
and a Consultant will respond to your enquiry.