Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management

    CardSystems Solutions Becomes a Cautionary Tale

    By
    Larry Loeb
    -
    July 21, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Poor old CardSystems Solutions got thwacked in the head with a major trout this week by Visa and American Express.

      Both companies said that they would no longer do business with the ACH (automated clearing house). MasterCard has given CSS until the end of August to demonstrate compliance with MCs standards or face the same cutoff.

      It doesnt look good for CardSystemss long-term survival unless it can pull a rabbit out of the proverbial hat—and soon.

      Youd think that just because CSS screwed around with hundreds of thousands of credit-card accounts, that the credit-card industry would enforce the normal penalty of a wrist-slap and continue business as usual. Or at most, impose some token monetary penalty. Not this time. The industry pulled the plug.

      This sends message(s) to the entire ACH infrastructure. The first is “Were serious.”

      Never before has an ACH been blackballed for security malfeasance. Never. This kind of action by the credit card companies is groundbreaking in its scope.

      The second message is “Wake up, you could be next.”

      All of the ACH players have to be nervous right about now. The 12-step program mandated by the Payment Card Industry Data Security Standard, which was introduced late last year, is about to be enforced by the card companies.

      The standard means that “best practices” for IT, not just “acceptable practices” have to be used by anyone in the supply chain.

      That means an ACH has to spend money for IT upgrades and revisions, which will standardize the IT practices for all of the card-issuing companies. Some of the ACHs wont be ready to comply so fast. Theyve been dragging their feet on this, hoping it will go away. It wont.

      The Lesson

      In a way, CSS did everyone a favor. It showed how flawed our current financial IT infrastructure is in everyday practice.

      /zimages/6/28571.gifMicrosoft plans to buy secure messaging company. Click here to read more.

      No one ever heard of CSS before the problems arose. You wont hear about many places that have even worse security policies in place until something goes wrong and they get caught with their firewalls down.

      The root problem of all of this is that our current financial system confuses identification with authorization. A social security number was always envisioned to be something that was for SS purposes only, not as something that served as an identification/authorization token.

      But Federal law has changed. USC 405 [C] and subsequent sections state that its just fine for any state or government agency to require an individual to provide their SSN: “[…] for the purpose of establishing the identification of individuals affected by such law […].” Pretty clear.

      Some businesses have come to rely on the SSN as a unique identifier for someone (and by inference a token for authorization), and this will have to stop if we are ever to have a secure financial infrastructure.

      /zimages/6/28571.gifAfter a series of high-profile data thefts, experts rethink network security. Click here to read more.

      This may be hard to do, but we will know that a real change has happened when this kind of screw-up happens in the future and nobody really cares because it wont adversely affect them.

      Larry Loeb was consulting editor for BYTE magazine and senior editor of WebWeek. He serves as a subject matter expert for the Department of Defenses Information Assurance Technology Analysis Center, and is on the American Dental Associations WG-1 and MD 156 electronic medical records working groups. Larrys latest book is “Hackproofing XML,” published by Syngress (Rockland, Mass.). If youve got a tip for Larry, contact him at nospamloeb-pbc@yahoo.com.

      /zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Larry Loeb
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×