This white paper outlines a new technique âparsing data in transitâ that Trustwave has found during its investigations of credit card compromise. Whatâs most unsettling about this trend is that a merchant can use a payment application or Point-of-Sale (POS) terminal that is compliant with the Payment Application Data Security Standard (PA-DSS) or Visaâs Payment Application Best Practice (PABP) but if they are not 100% compliant with the PCI DSS, they can still fall victim to this technique.
Additionally, Trustwave has found that smaller merchants continue to make up the largest group of merchants that get compromised. Most of these smaller merchants donât have an in-house IT staff and therefore rely on third parties to make sure theyâre compliant. These third parties often donât have skilled security experts that can confidently and accurately secure a merchant environment to be in compliance with the PCI DSS. While these smaller merchants donât make the media headlines, they compromise nearly 99% of all global merchants.