CardSystems Compromises Data of 40 Million MasterCard and Visa Cardholders   6/20/2005


In case you were listening to the radio or television news today, yes, you heard it right, and your ears were not deceiving you. The credit card information of 40 million MasterCard and Visa cardholders was compromised when someone hacked into the computers of Arizona-based CardSystems Solutions.

40 million.

That makes the measly 35,000 accounts which were compromised in the ChoicePoint hacking seem paltry by comparison.

Let me just say it again:

40 million

Just how did this happen?

Apparently a hacker had managed to install a Trojan which gave the hacker access to CardSystems’ network. And although the breach was only confirmed a few weeks ago, it apparently happened sometime at the end of last year. It is not known exactly how long the security hole remained open before CardSystems finally closed it.

But that is not the reason that you should be unhappy with CardSystems.

The reason that you should be unhappy with CardSystems is because they weren’t supposed to have the data in the first place!

That’s right. CardSystems was not only not authorized to retain the data, but in fact they were affirmatively supposed to not store the data, which contained the credit card information of cards associated with failed transactions. CardSystems was bound by the terms of their agreements with both MasterCard and Visa to not retain cardholder information following transactions, and instead they kept the information in a file for “research purposes”.

Admitted CardSystems’ Senior Vice President, Bill Reeves, “We were out of compliance and we recognize that file was out of compliance with the association rules.”

Oh good. So what are you going to do about it?

What can be done about it?

There is little incentive for financial institutions to do anything about it, points out Dan Clements, CEO of CardCops.com. In fact, with neither the consumer nor the bank on the hook for fraudulent purchases, and with the banks often charging merchants to reverse those transactions, Clements observes of the banks, “It’s a revenue stream for them.”

So who here is ready to go back to good old cash?


1 Comment »

  1. I say we all start suing these companies that have been so careless with our personal information and make THEM liable for any fraudulent transactions resulting from such carelessness. SOMEBODY needs to be held responsible. Doesn’t it seem strange that we are hearing about SO MANY breaches lately? This is, indeed, scary stuff.

    Comment by V. Wilson — 6/21/2005 @ 12:39 pm

The Internet Patrol
Patrolling the Internet for You!