funsec mailing list archives
Re: PCI roadblock?
From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 16 Jan 2012 18:10:00 -0500
On Mon, Jan 16, 2012 at 5:09 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah <rmslade () shaw ca> wrote:
Maybe not. But this certainly is going to be interesting to watch. As well as being a great point for the legal domain ...
Nothing surprises me from the banking and credit card industries anymore. No evidence of a breach was found, yet the restaurant was still fined. Then the banks claimed loss against the restaurant, so the fines were increased and assets were seized. Amazing.

Jeff

...

In the wake of the alleged breach, Cisero’s, per rules imposed by the payment card industry, was required to hire a forensic investigations firm — from a list of six firms approved by Visa and MasterCard — to determine if a breach had occurred and if the restaurant was in compliance with the so-called PCI security standards that were adopted by the Payment Card Industry Council in 2005.

The McCombs hired two firms, Cybertrust and Cadence Assurance. Both examined Cisero’s point-of-sale system (POS) and servers and found “no concrete evidence that the POS server suffered a security breach which led to the compromise of cardholder data” and no evidence that insiders had installed skimmers on card readers to collect account data. Cadence in fact determined that no evidence existed that payment card data of any kind was improperly taken from Cisero’s systems.

...

Visa determined that the total cost of the liability for Cisero’s noncompliance was $1.33 million, but ultimately set the fine at $55,000, without explaining how it reached these figures, the McCombs claim. MasterCard stated that although it could have imposed a fine of up to $100,000 for the violation of storing card data, it decided to impose a fine of only $15,000.

The fines increased after card issuers came forward claiming they suffered losses from the alleged breach. Under recovery programs run by Visa and MasterCard, card issuers that have suffered losses due to data breaches can recover these losses from the bank of the merchant accused of being the source of the breach.

So after RBS Citizens Bank and Chase claimed they had suffered $13,849 in losses from fraudulent charges to their customer’s accounts as a result of the alleged breach of Cisero’s network, MasterCard added that to the fine, for a total of about $90,000.

...