Dont shoot me, I am ‘just’ the messenger..maybe not
John M Perry, the head of the payment processing firm that was hacked to expose 40 million credit card numbers, told congress that his company is facing imminent extinction because of its disclosure of the breach and the industry’s reaction to it. ‘As a result of coming forward, we are being driven out of business’, he also added that if his firm was forced to shut down, other companies will think twice before disclosing such attacks. First, if a company does not disclose an attack, not only will it be driven out of business but also face charges for not disclosing the attack. After this attack, a lot of processing companies will be monitored regularly so I don’t think any company could get away by just keeping silent about the fact that they have been hacked. Second, after an investigation was carried out by Visa, it was clear that CardSystems knowingly violated contractual requirements for how long credit card data were supposed to be stored and how they were secured. So what is John Perry trying to tell us? Is he trying to tell us that his company should be forgiven for their faults which exposed millions of consumers to possible fraud just because they told us about it?
Would you forgive them?
22. July 2005 um 08:24
Hell no!! Damn mega-million companies… there’s always an excuse.
22. July 2005 um 12:22
It’s one thing if you had a system that was as secure as possible and the system was exploited by a top notch hacker or some such but when you haven’t done the UTMOST to protect the credit card numbers of your customers then you deserve whatever financial consequences you receive.
If someone has done their utmost then yes I can see why there should be some sort of protection for companies that disclose but then again would there be a negative impact on a company that did their best? I wouldn’t hold any ill feelings against a company that truely just happened to be a target and did everything they could to protect my information..