Security News > 2005 > July > Re: Credit Data Firm Might Close

Forwarded from: security curmudgeon

Everyone grab their violins..

: By Jonathan Krim
: Washington Post Staff Writer
: July 22, 2005
:
: The head of a payment processing firm that was infiltrated by computer
: hackers, exposing as many as 40 million credit card holders to possible
: fraud, told Congress yesterday that his company is "facing imminent
: extinction" because of its disclosure of the breach and industry's
: reaction to it.
:
: "As a result of coming forward, we are being driven out of business,"
: John M. Perry, chief executive of CardSystems Solutions Inc., told a
: House Financial Services Committee subcommittee considering
: data-protection legislation. He said that if his firm is forced to shut
: down, other financial companies will think twice about disclosing such
: attacks.

Hi Mr. Perry. I'm California law. I *require* you to come forward over such a breach. You don't have a choice, you were not being altruistic, you were not being overly ethical. You were following the laws.

: Perry called the decisions by Visa and American Express draconian and
: said that unless Visa reconsiders, CardSystems would close and put 115
: people out of work.
: While Perry said his company is doing everything it can to ensure that
: such a breach never occurs again, Visa said it could not overlook that
: CardSystems knowingly violated contractual requirements for how long
: credit card data were supposed to be stored and how they were secured.

CardSystems signed a contract with Visa saying that data would meet certain technical security specifications, and that it would adhere to a policy regarding data retention. This compromise shows that *both* failed, and Visa is not happy with CardSystems breaking said contract. This is business 101 folks. I feel bad about most of the employees that will lose their jobs, but CardSystems failed them and they are paying the price. As a Visa and AmEx card holder, I am quite happy.

: Neither Perry nor representatives of the major credit card companies
: could explain at the hearing why an audit of CardSystems in 2003 did not
: address its computer vulnerabilities or its practice of retaining some
: data for research purposes.

Hope it leaks out which security firm did this audit!