BreachExchange mailing list archives
Re: CardSystems Settles FTC Charges
From: lyger <lyger () attrition org>
Date: Thu, 23 Feb 2006 21:17:40 -0500 (EST)
In the case of CardSystems and their new companies, it might be because VISA is no longer doing business with them? http://attrition.org/errata/dataloss/cardsystems04.html What suprises me is that ChoicePoint was hit with a $15 million settlement and CardSystems, which was a much larger breach in terms of people affected, only has to "implement a comprehensive security program" and undergo ten audits over the next twenty years. On Thu, 23 Feb 2006, Adrian Sanabria wrote: ": " That doesn't make sense, unless I'm missing something... ": " ": " VISA's PCI requirements require ANNUAL audits by an external auditor ": " already. So what good are the FTC's requirements if more stringent ": " ones were already in place by VISA? ": " ": " Why not just require this of all companies handling large amounts of ": " sensitive financial data? ": " ": " It is too little, too late, and the FTC is missing a big opportunity ": " to make a real difference. Everyone suprised? _______________________________________________ Dataloss mailing list Dataloss () attrition org https://attrition.org/mailman/listinfo/dataloss
Current thread:
- CardSystems Settles FTC Charges lyger (Feb 23)
- Re: CardSystems Settles FTC Charges Adrian Sanabria (Feb 23)
- Re: CardSystems Settles FTC Charges lyger (Feb 23)
- Re: CardSystems Settles FTC Charges Chris Walsh (Feb 23)
- Re: CardSystems Settles FTC Charges Adrian Sanabria (Feb 27)
- Re: CardSystems Settles FTC Charges lyger (Feb 23)
- Re: CardSystems Settles FTC Charges Adam Shostack (Feb 23)
- Re: CardSystems Settles FTC Charges Adrian Sanabria (Feb 23)