Just when you thought it was safe to get back into the water
June 21st, 2005
MasterCard has confirmed that a hacker got into the systems of Cardsystems Solutions and stole 40 million credit card numbers. Cardsystems Solutions is MasterCard’s Atlanta-based payment processor partner. Now the blame has finally come down onto Microsoft because Cardsystem Solutions had its systems running on Microsoft’s Windows 2000 operating system and IIS Server 5.0. What we are seeing here is how the blame is being pushed from company to company. The way I see it, MasterCard should be blamed for being irresponsible enough to have a partner like Cardsystems Solutions and Cardsystems Solutions should be blamed for not using the right patches or upgrading their software and also not storing the transaction data in encrypted form !. MasterCard does not have the details of the credit card numbers that have been compromised so if you have not been notified, don’t think you are safe. Keep an eye on your card transactions and contact your bank if you find irregular activity on your card. Hmmm, I can see the tagline in their next TV ad, ‘There are some things hackers can’t steal, for everything else, there’s MasterCard.’
1 Comment(s)
Comments RSS TrackBack Identifier URI
Leave a comment
[...] John M Perry, the head of the payment processing firm that was hacked to expose 40 million credit card numbers, told congress that his company is facing imminent extinction because of its disclosure of the breach and the industry’s reaction to it. ‘As a result of coming forward, we are being driven out of business’ and he also added that if his firm was forced to shut down, other companies will think twice before disclosing such attacks. First, if a company does not disclose an attack, not only will it be driven out of business but also face charges for not disclosing the attack. After this attack, a lot of processing companies will be monitored regularly so I don’t think any company could get away by just keeping silent about the fact that they have been hacked. Second, after an investigation was carried out by Visa, it was clear that CardSystems knowingly violated contractual requirements for how long credit card data were supposed to be stored and how they were secured. So what is John Perry trying to tell us? Is he trying to tell us that his company should be forgiven for their faults which exposed millions of consumers to possible fraud just because they told us about it? Would you forgive them? [...]