BreachExchange mailing list archives

Re: CardSystems Settles FTC Charges


From: lyger <lyger () attrition org>
Date: Thu, 23 Feb 2006 21:17:40 -0500 (EST)


In the case of CardSystems and their new companies, it might be because 
VISA is no longer doing business with them?

http://attrition.org/errata/dataloss/cardsystems04.html

What surprises me is that ChoicePoint was hit with a $15 million settlement 
and CardSystems, which was a much larger breach in terms of people 
affected, only has to "implement a comprehensive security program" and 
undergo ten audits over the next twenty years. 

On Thu, 23 Feb 2006, Adrian Sanabria wrote:

": " That doesn't make sense, unless I'm missing something...
": " 
": " VISA's PCI requirements require ANNUAL audits by an external auditor
": " already. So what good are the FTC's requirements if more stringent
": " ones were already in place by VISA?
": " 
": " Why not just require this of all companies handling large amounts of
": " sensitive financial data?
": " 
": " It is too little, too late, and the FTC is missing a big opportunity
": " to make a real difference. Everyone surprised?
