For more information, please visit Teradata.com

1. How We Did The Investigations “ The Case of the Credit Card Breach” Brought to you by and

5. Taylor & Swift PCI DSS Security Audit Taylor & Swift passed an external PCI DSS audit that showed their systems to be compliant with the PCI DSS industry standard for protecting credit cards. Bob Shields gave a copy of the report to both Frazier and Lola to study

6. Taylor & Swift System Architecture (From PCI Audit) Lola notes that this is a common retail system architecture where credit card transactions collected at stores or the web flow through data centers to an EDW and ultimately to Back Up.

7. T&S’s Front-End (Store and Web, Data Center) Data Flow Processes and System Architecture T&S mini-batch loads POS data every hour to the data centers. Web transactions drop immediately into the data centers. The multiple data centers offer high availability as well as disaster recovery, in addition to workload balancing.

8. Taylor and Swift Back-Office Data Flows Data centers are used for inventory and ERP financial applications. Data flows at 1 hour intervals into Teradata for marketing and merchandising purposes.

12. Lola Investigated the Front-End Systems Lola worked with the Store and Web IT Groups. The system had a full PCI audit review and approval. This led the team to investigate the Front-End Systems. All systems came out clean with no intrusions and the data is protected from the swipe through the point where the transaction data moves to the data centers.

13. Frazier Investigated the Back-End Systems Frazier worked with the back-end team to investigate how credit cards are handled in the back-end processing at the data centers. The back-end system also had a full PCI audit review and approval. The back-end systems came out clean with no intrusions and the data is protected inside the back-end systems.

14. Frazier Checked the Role - and Time-Based Security Access Controls That Were Set Up In the case of the Credit Card Field, Protegrity’s tool defined 2 roles – one with High clearance, and one with Low, with access permission to the data only for High clearance only during daytime working hours. Frazier found that the Protegrity policy controls that were initially set up were not changed – no security hole there.

15. Frazier Ran A Protegrity Detailed Report on the Card Number Column – Decrease was the Clue! Frazier dug into the Protegrity reports on key data elements. In this case, the Production Credit Card Number – and found a suspicious dip in the number of daily touches.

16. Frazier Inspected Credit Card Column Access Frazier drilled down on each of the repositories and found that the touches of the Credit Card data in the SQL Servers dropped to 0

17. Core Problem: IT Swapped Out Protected Operational Data Stores at the Data Center, Forgot to Protect Lola and Frazier had a call with the Data Center IT Manager and found out that the staging databases had been changed - from SQL Server databases to another 3 rd party database. No PCI audit was done after the switch and the new databases had not been protected.

18. Audit Logs in SQL Servers in the Data Centers Show Suspicious Activity by a DBA Lola went back to the Log activity on the unprotected system and found some unusual SELECT * activities on Orders and Customers. The queries were executed by a DBA at the Las Vegas Data Center by the name of Joe Nagle.

19. Records from DBA Query Matched the List Pull Against the Complaining Customers Frazier ran a query to JOIN the 500 records with the complaints with the credit card transactions. All customers who were breached had shown the fraudulent activity in the unprotected database. They all matched!

20. The Culprit: Joe Nagel, DBA Lola worked with the data center IT people to pull the security tapes to make sure Joe was working that day … here he is exiting the facility in the early morning hours. Bob then confiscated his PC and found customer credit card information on his laptop. NABBED!