Hackers open new front in payment card data thefts, bypassing PCI Compliance

Security managers often describe their efforts to protect corporate data from being compromised as a full-fledged battle of wits against cybercrooks who are continually arming themselves with innovative tools and methods of attack.

The security breaches disclosed last month by Hannaford Bros. and Okemo ski resort -- along with unconfirmed reports of dozens of similar network intrusions -- suggest that a new front may have opened up in the battle.

The recent incidents have also prompted some to question whether the payment card industry's highly publicized data security standards are fully equipping companies to fend off attackers.

What's noteworthy about the Hannaford and Okemo breaches is that they both involved the theft of data in transit -- credit and debit card information that was being transmitted from point-of-sale systems to payment processors in order to authorize transactions.