Monday, June 20, 2005

FBI Investigating Security Breach at Third Party Payment Processor

The FBI is investigating a security breach at CardSystems Solutions,
Inc., an Atlanta-based payment processor with a processing center in
Tucson, AZ. As many as 40 million credit card accounts may have been
exposed after a malicious script that harvests data infiltrated the
CardSystems network. The breach was discovered on May 22, but took
place some time in late 2004. CardSystems Solutions CEO John M. Perry
says the account data were being improperly retained, running contrary
to industry practices; Visa and MasterCard have established rules
requiring that payment processors not retain account data once a
transaction has been completed. Please check the complete information:

BusinessWeek
CNN
SFGate
Boston news
MSNBC



[Editor's Note (Ranum): Visa and MasterCard have rules about how data
should be handled by their business partners. This is the first case
I've seen come to public attention in which the Visa/MC standard was
recognized but allegedly not followed. That's the basis for an
interesting lawsuit. It also reveals the profound lack of teeth in
policies and procedures. It doesn't matter how good your policies are
on paper if they're not followed.]
