http://ajayshroff.com/21/just-when-you-thought-it-was-safe-to-get-back-into-the-water/ Sun, 21 Sep 2008 16:11:47 +0000 hourly 1 http://wordpress.org/?v=3.0.5 http://ajayshroff.com/21/just-when-you-thought-it-was-safe-to-get-back-into-the-water/comment-page-1/#comment-24 The Hitchhiker’s Guide to Technology Fri, 22 Jul 2005 12:10:37 +0000 http://ajayshroff.com/?p=13#comment-24 [...] John M Perry, the head of the payment processing firm that was hacked to expose 40 million credit card numbers, told congress that his company is facing imminent extinction because of its disclosure of the breach and the industry’s reaction to it. ‘As a result of coming forward, we are being driven out of business’ and he also added that if his firm was forced to shut down, other companies will think twice before disclosing such attacks. First, if a company does not disclose an attack, not only will it be driven out of business but also face charges for not disclosing the attack. After this attack, a lot of processing companies will be monitored regularly so I don’t think any company could get away by just keeping silent about the fact that they have been hacked. Second, after an investigation was carried out by Visa, it was clear that CardSystems knowingly violated contractual requirements for how long credit card data were supposed to be stored and how they were secured. So what is John Perry trying to tell us? Is he trying to tell us that his company should be forgiven for their faults which exposed millions of consumers to possible fraud just because they told us about it? Would you forgive them? [...] [...] John M Perry, the head of the payment processing firm that was hacked to expose 40 million credit card numbers, told congress that his company is facing imminent extinction because of its disclosure of the breach and the industry’s reaction to it. ‘As a result of coming forward, we are being driven out of business’ and he also added that if his firm was forced to shut down, other companies will think twice before disclosing such attacks. First, if a company does not disclose an attack, not only will it be driven out of business but also face charges for not disclosing the attack. After this attack, a lot of processing companies will be monitored regularly so I don’t think any company could get away by just keeping silent about the fact that they have been hacked. Second, after an investigation was carried out by Visa, it was clear that CardSystems knowingly violated contractual requirements for how long credit card data were supposed to be stored and how they were secured. So what is John Perry trying to tell us? Is he trying to tell us that his company should be forgiven for their faults which exposed millions of consumers to possible fraud just because they told us about it? Would you forgive them? [...]

]]>