Skip to content

Tesco Online Internet Security Flaw

by Phil O'Kane on July 29th, 2012

Tesco have failed at making their system secure and up to the standards of the Payment Card Industry (PCI) Data Security Standard by sending users passwords in plain-text format over email. This is a huge security issue for a a company of its size, and with all the person information stored by users.

Requirement:
3.4.a
Testing procedure:
Obtain and examine documentation about the system used to protect the PAN, including the vendor, type of system/process, and the encryption algorithms (if applicable). Verify that the PAN is rendered unreadable using any of the following methods:

  • One-way hashes based on strong cryptography
  • Truncation
  • Index tokens and pads, with the pads being securely stored
  • Strong cryptography, with associated key-management processes and procedures

The very same issue regarding Tesco’s huge security issue was raised way back in 2007 by a blogger, Jemjabella and still nothing has been done about it. Will Tesco get their act together and resolve the issue this time? In the mean time, change your password!

From → Security

No comments yet

Leave a Reply

Note: XHTML is allowed. Your email address will never be published.

Subscribe to this comment feed via RSS