[Dataloss] CardSystems Settles FTC Charges
lyger
lyger at attrition.org
Thu Feb 23 21:17:40 EST 2006
In the case of CardSystems and their new companies, it might be because
VISA is no longer doing business with them?
http://attrition.org/errata/dataloss/cardsystems04.html
What suprises me is that ChoicePoint was hit with a $15 million settlement
and CardSystems, which was a much larger breach in terms of people
affected, only has to "implement a comprehensive security program" and
undergo ten audits over the next twenty years.
On Thu, 23 Feb 2006, Adrian Sanabria wrote:
": " That doesn't make sense, unless I'm missing something...
": "
": " VISA's PCI requirements require ANNUAL audits by an external auditor
": " already. So what good are the FTC's requirements if more stringent
": " ones were already in place by VISA?
": "
": " Why not just require this of all companies handling large amounts of
": " sensitive financial data?
": "
": " It is too little, too late, and the FTC is missing a big opportunity
": " to make a real difference. Everyone suprised?
More information about the Dataloss
mailing list