[Dataloss] Feds seek to nab credit card thieves in La., Miss.
Paul Ferguson
fergdawg at netzero.net
Tue Aug 19 03:15:37 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -- macwheel99 at wowway.com wrote:
>A company can buy some computer system and not install, or manage, it
>properly.
>I am more interested in whether they had any PCI audits or other security
>audits, and what if anything the audits had to say about their state of
>security preparedness.
>
>Here's what went wrong at TJX Max (click on preview to see document filed
>by 5/3 bank auditor AFTER the mess.) http://www.box.net/shared/ieae3qfqj9
>
>This is quite an eye-opener ... they had perfectly good computer systems,
>but at some level of company leadership, there was no conception of their
>security responsibilities, what it meant to be PCI compliant.
>
It was my understanding that (according to Evan Schuman at
StorefrontBacktalk):
"...Visa knew of the extensive security problems at TJX but decided to give
the retailer permission to remain non-compliant through Dec. 31, 2008,
according to documents filed in federal court Thursday."
http://storefrontbacktalk.com/story/110907visaletter
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
wj8DBQFIqjrPq1pz9mNUZTMRAqdoAKDpV5otrGpjHtgAS+JhRfj9oE1IKACg5+PE
/MG2rjpCo5fDWheWt8yvjVY=
=E1p1
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/