Thursday, July 21, 2005

Amex and Visa Punt Online Processor Responsible for Data Leak

Good news! The penalty phase for poor data security by online processors has arrived after literally tens of millions of customer data records had been lost or stolen this year. The rules of the game are finally changing.

The penalty is death -- of the company responsible. Details of up to 40 million payment cards, including names, account numbers and expiration dates, are believed to have been taken out of a database system run by CardSystems—the biggest such privacy violation ever reported. In June, CardSystems Solutions, which processes credit cards for 115,000 U.S. merchants, revealed it had mishandled customer data by storing data on customers—in violation of Visa and MasterCard's security standards.

Both American Express and Visa will cease doing business with CardSystems by October. I suspect MasterCard will follow suit based on what their competitors are doing -- and MasterCard's suddenly increased liability. With nothing to interchange, I cannot see a way for CardSystems to stay in business.

Let that be an object lesson to the CEOs of companies with less-than-effective internal and external controls. These data privacy violations have got to be taken seriously.

Update: During congressional testimony Thursday, executives from bank and credit card companies involved in the largest credit card data loss ever pointed fingers at a new culprit for gaps in security: the auditors who had certified the credit card processing systems as being up to snuff. Now I've heard everything. Let's blame the auditors for our security problems...and the dog ate my homework.
