Fixed Isnt Good Enough for Payment Protection

 
 
By Evan Schuman  |  Posted 2005-09-02 Email Print this article Print
 
 
 
 
 
 
 

News Analysis: CardSystems violated contracts by not encrypting data and retaining data it wasn't supposed to—and then became the nation's largest data-theft victim. Now it wants bygones to be bygones.

When credit card processing firm CardSystems announced Thursday that an independent auditor had declared its systems sound, one CardSystems executive said he now wants Visa and American Express to take it back. CardSystems Inc. was at the center of the nations largest known data security breach back in May, when it reported that someone had broken into its systems and stolen the details of as many as 40 million payment cards, including names, account numbers and expiration dates. CardSystems might have been seen as the victim had it not admitted that it violated its contracts with Visa International Service Organization, American Express Co. and others, by failing to encrypt credit card transaction data and by keeping on file card verification numbers that are never supposed to be stored.
Those transgressions made the data theft much more dangerous, company officials conceded.
When CardSystems CEO John Perry testified to an investigating congressional committee in July, he said that an earlier audit, done by the Cable & Wireless Security unit now owned by Savvis Communications Corp., had failed to identify the encryption and data-retention problems. Saavis officials said the systems they were told to look at were fine at that time and that either the problems were on other machines or the sloppy procedures began after their audit had wrapped up.
The challenge of using security audits properly, and understanding what their results do and do not reveal, is becoming a major issue in retail payment systems. On Thursday, CardSystems announced that a new audit, from AmbironTrustWave, had been completed. Read the full story on CIOInsight.com: Fixed Isnt Good Enough for Payment Protection Check out eWEEK.coms for the latest news, views and analysis on technologys impact on retail.
 
 
 
 
Evan Schuman is the editor of CIOInsight.com's Retail industry center. He has covered retail technology issues since 1988 for Ziff-Davis, CMP Media, IDG, Penton, Lebhar-Friedman, VNU, BusinessWeek, Business 2.0 and United Press International, among others. He can be reached by e-mail at Evan.Schuman@ziffdavisenterprise.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel