Re: CardSystems Settles FTC Charges

["Adrian Sanabria" <adrian.sanabria () gmail com>]

That doesn't make sense, unless I'm missing something...

VISA's PCI requirements require ANNUAL audits by an external auditor
already. So what good are the FTC's requirements if more stringent
ones were already in place by VISA?

Why not just require this of all companies handling large amounts of
sensitive financial data?

It is too little, too late, and the FTC is missing a big opportunity
to make a real difference. Everyone suprised?


On 2/23/06, lyger <lyger () attrition org> wrote:
> http://www.ftc.gov/opa/2006/02/cardsystems_r.htm
>
> In the largest known compromise of financial data to date, CardSystems
> Solutions, Inc. and its successor, Solidus Networks, Inc., doing business
> as Pay By Touch Solutions, have agreed to settle Federal Trade Commission
> charges that CardSystems' failure to take appropriate security measures to
> protect the sensitive information of tens of millions of consumers was an
> unfair practice that violated federal law. According to the FTC, the
> security breach resulted in millions of dollars in fraudulent purchases.
> The settlement will require CardSystems and Pay By Touch to implement a
> comprehensive information security program and obtain audits by an
> independent third-party security professional every other year for 20
> years.
>
> [...]
>
> _______________________________________________
> Dataloss mailing list
> Dataloss () attrition org
> https://attrition.org/mailman/listinfo/dataloss

_______________________________________________
Dataloss mailing list
Dataloss () attrition org
https://attrition.org/mailman/listinfo/dataloss