[Dataloss] CardSystems Settles FTC Charges

Adrian Sanabria adrian.sanabria at gmail.com
Thu Feb 23 21:06:48 EST 2006


That doesn't make sense, unless I'm missing something...

VISA's PCI requirements require ANNUAL audits by an external auditor
already. So what good are the FTC's requirements if more stringent
ones were already in place by VISA?

Why not just require this of all companies handling large amounts of
sensitive financial data?

It is too little, too late, and the FTC is missing a big opportunity
to make a real difference. Everyone surprised?


On 2/23/06, lyger <lyger at attrition.org> wrote:
>
> http://www.ftc.gov/opa/2006/02/cardsystems_r.htm
>
> In the largest known compromise of financial data to date, CardSystems
> Solutions, Inc. and its successor, Solidus Networks, Inc., doing business
> as Pay By Touch Solutions, have agreed to settle Federal Trade Commission
> charges that CardSystems' failure to take appropriate security measures to
> protect the sensitive information of tens of millions of consumers was an
> unfair practice that violated federal law. According to the FTC, the
> security breach resulted in millions of dollars in fraudulent purchases.
> The settlement will require CardSystems and Pay By Touch to implement a
> comprehensive information security program and obtain audits by an
> independent third-party security professional every other year for 20
> years.
>
> [...]
>
> _______________________________________________
> Dataloss mailing list
> Dataloss at attrition.org
> https://attrition.org/mailman/listinfo/dataloss
>

