All the latest UK technology news, reviews and analysis
|
|
|
26 Jul 2005
Credit card processor CardSystems is likely to close following last month's theft of 40 million client records. The company lost two of its main customers last week, Visa and American Express.
CardSystems chief executive John Perry told the US House of Representatives last week that the firm will "be forced to permanently close its doors" unless the two credit card companies reconsider.
Further reading
Perry testified in a hearing about the security of credit card processing for a subcommittee on financial services. A PDF of his testimony is available for download here.
Visa sent a memorandum last week to inform banks that the credit card provider plans to cancel its contract with CardSystems.
"In violation of Visa's rules [CardSystems] did not have the appropriate controls in place to protect cardholder information," Rosetta Jones, vice president for Visa, told vnunet.com.
"Despite some remediation actions taken by the processor since the initial reporting of the data compromise, Visa cannot overlook the significant harm that the data compromise, and CardSystems' failure to maintain the required security protection, has had on Visa member financial institutions, merchants and cardholders."
American Express followed Visa's example, while MasterCard has extended its deadline until 31 August for CardSystems to prove that it complies with the firm's security requirements.
In what is believed to be the largest case of identity theft in history, hackers stole 40 million client records from CardSystems' database. MasterCard made the case public after its fraud fighting tools pointed out the hack.
CardSystems stored data in such a form that the hackers were able to trace the information back to individual accounts.
Perry acknowledged that this was in violation of the security standards demanded by Visa and MasterCard, and testified that the firm no longer stores such 'track data'.
The breach of CardSystems' computers dated back to September 2004, when a script was installed on its servers that periodically looked for specific file types.
"We know for certain that three files were wrongfully removed from the CardSystems platform," said Perry. The three files contained a total of 263,000 records for 239,000 account numbers.
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
Orange and Intel talk us through the ins and outs of their San Diego smartphone
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Are you looking for a new positing within the Testing...
A leading global provider of critical information to...
Want to work for one of the most dynamic, creative environments...
Want to work for one of the most dynamic, creative environments...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Worst Case?
> The worst case senaro is that a merchant is going to get stuck with the costs associated with a fraudulent use of card. Actually, the worst case is that many thousands of merchants will be stuck with the costs, lost merchandise and chargeback fees (the fees the MC, Visa, AMEX et al charge you for being the victim of a crime) as a result of millions of cards being compromised and the credit card companies refusing to cancel the compromised cards. I don't think you fully grasp the economic impact of this on the business community, and that these increased costs will ultimately be passed on to all consumers due to their failure.
Posted by: Brian G. 26 Jul 2005
Not identity theft
Like so many media presentations have done, this article tries to sensationalize what is really a case of potential credit card fraud. Noones identity can be assumed by the loss of a creditcard number. Noone can open up a new account in another's name with the information that was exposed in this situation. The worst case senaro is that a merchant is going to get stuck with the costs associated with a fraudulent use of card.
Posted by: Poquita 26 Jul 2005