Tuesday, June 28, 2005

The winner so far: CardSystems Solutions


NETWORK WORLD NEWSLETTER: GIBBS & BRADNER
06/28/05

Dear networking.world@gmail.com,

In this issue:

* Net Insider columnist Scott Bradner wonders why CardSystems is
  still in the credit card processing business
* Links related to Gibbs & Bradner
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Hewlett Packard
Choose the Best Architecture

Learn how controller-based architecture for tape libraries best
meets reliability and interoperability requirements in
enterprise storage area networks. Details include how the
introduction of the HP StorageWorks Extended Tape Library
Architecture defines the next generation of tape libraries in
enterprise SAN environments. Download the white paper now!
http://www.fattail.com/redir/redirect.asp?CID=107245
_______________________________________________________________
LICENSE TO KILL

Mainstream companies are starting to reap benefits from
harnessing unused computing power. By lashing together sometimes
hundreds of servers to create a powerful grid, businesses are
using their technology better. But software licensing,
organizational and cultural issues, and data management can be
barriers to grid adoption. Find out how to overcome these
barriers - click here:
http://www.fattail.com/redir/redirect.asp?CID=107379
_______________________________________________________________

Today's focus: The winner so far: CardSystems Solutions

By Scott Bradner

We have a new leader in the race to see which vendor can
quantitatively show the least regard for the people whose data
they hold. CardSystems Solutions, a third-party credit card
processor, now has admitted disregarding the credit card
industry security rules they should have been following. In
light of such a willful disregard of mandated rules, I do not
understand why CardSystems is still in the credit card
processing business.

Some industry leaders have told Congress it would be a bad idea
to require that credit card companies tell people their private
data might be at risk after a failure of computer or
organizational security. They have claimed that people would
soon become overwhelmed by all the notices and give up.

The industry seems determined to test that hypothesis. For the
last few months there has been a steady drumbeat of
announcements, most but not all driven by a California law that
requires such announcements when the privacy of people's
financial information is at risk.

So far, people and the media are still interested, at least in
the big cases such as a recent one in which a hacker accessed
information about 40 million credit card holders at CardSystems
( <http://www.cardsystems.com/> ).

I wonder what the reaction to a future breach exposing a mere 5
million people would be. The announcement of the break at
CardSystems came from MasterCard, but holders of all the major
brands of credit cards were at risk. Visa seemed a bit ticked
off that MasterCard has spilled the beans.

Visa said that it was working with law enforcement and it hoped
that MasterCard telling its cardholders the truth would not
hinder the investigation. Seems to me that Visa's priorities are
misplaced.

In my opinion, hiding the truth in the name of law enforcement
is an excuse to delay taking responsibility. MasterCard reported
that CardSystems did not meet the current Payment Card Industry
Security Standard. These mandates (
<http://www.networkworld.com/nlgibrad2884> ), which are actually
quite good, were supposed to be in effect at companies the size
of CardSystems last September (
<http://www.merchante-solutions.net/infosecurity/mandates.htm>
). Yet, half a year later, a company processing millions of
credit cards per year was ignoring parts of the standard and now
has admitted to doing so.

According to the payment card industry, failure to meet the
requirements can result in a permanent prohibition of
participation in credit card programs. If the payment card
industry is as serious about security as it claims to be, it
will use this willful disregard of its own rules to send a
message - it will permanently ban CardSystems from processing
credit card transactions.

I feel sorry for some of the people that work at CardSystems but
not sorry enough to suggest that the company be given a slap on
the wrist if it promises to be good in the future.

By the way, three days after this column is published the PCI
Security Standard will go into effect for all organizations that
process credit cards in any way. If you process credit cards, do
not mimic CardSystems - meet the standard.

Disclaimer: Harvard sets standards in some areas and follows
them in others but the university has not expressed an opinion
about CardSystems, so the above suggestion is my own.

Bradner is a consultant with Harvard University's University
Information Systems. He can be reached at
<mailto:sob@sobco.com>.
_______________________________________________________________
To contact: Scott Bradner

Bradner is a consultant with Harvard University's University
Information Systems. He can be reached at <mailto:sob@sobco.com>
_______________________________________________________________
This newsletter is sponsored by Hewlett Packard
Choose the Best Architecture

Learn how controller-based architecture for tape libraries best
meets reliability and interoperability requirements in
enterprise storage area networks. Details include how the
introduction of the HP StorageWorks Extended Tape Library
Architecture defines the next generation of tape libraries in
enterprise SAN environments. Download the white paper now!
http://www.fattail.com/redir/redirect.asp?CID=107244
_______________________________________________________________
ARCHIVE LINKS

Gibbs archive:
http://www.networkworld.com/columnists/gibbs.html

Bradner archive:
http://www.networkworld.com/columnists/bradner.html
_______________________________________________________________
FEATURED READER RESOURCE
CALL FOR ENTRIES: 2005 ENTERPRISE ALL-STAR AWARDS

Network World is looking for entries for its inaugural
Enterprise All-Star Awards program. The Enterprise All-Star
Awards will honor user organizations that demonstrate
exceptional use of network technology to further business
objectives. Network World will honor dozens of user
organizations from a wide variety of industries, based on a
technology category. Deadline: July 8. Enter today:
<http://www.networkworld.com/survey/easform.html?net>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at <http://www.subscribenw.com/nl2>

International subscribers click here:
<http://nww1.com/go/circ_promo.html>
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: networking.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

No comments:

Post a Comment