Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Visa, Amex cut ties with processing firm hit by security breach

After October, CardSystems won't be allowed to process their transactions
 

Sign up to receive Security Resource Alerts

July 20, 2005 (Computerworld) -- Visa U.S.A. Inc. and American Express Co. are terminating their contracts with a credit card transaction processing company that was hit by hacker attacks, potentially exposing 40 million card numbers to online intruders.
In separate announcements, Visa and American Express said they are ending their relationships with CardSystems Solutions Inc. in Atlanta because the company didn't meet its contractual requirements in providing processing services for merchants that accept the credit cards. The companies will no longer allow CardSystems to process their transactions after October.
Rosetta Jones, a spokeswoman for San Francisco-based Visa, said in a statement that the action against CardSystems comes "after an internal and forensics review of its processing practices demonstrated that -- in violation of Visa's rules -- it did not have the appropriate controls in place to protect cardholder information."
"Despite some remediation actions taken by the processor since the initial reporting of the data compromise, Visa cannot overlook the significant harm the data compromise and CardSystems' failure to maintain the required security protections has had on Visa member financial institutions and merchants, as well as the significant concerns it has raised for cardholders," Jones said. "CardSystems has not corrected, and cannot at this point correct, the failure to provide proper data security for Visa accounts."
CardSystems apparently kept credit cardholder data on file after the transactions were processed, in violation of its agreement with Visa, she said. Because the data was still on file, it could be accessed by intruders. "Visa's security requirements were adopted precisely for the purpose of protecting cardholder information and guarding against the type of data compromise recently experienced by CardSystems," Jones said.
Judy Tenzer, a spokeswoman for New York-based American Express, would not comment on the direct cause for the termination of the processing arrangements with CardSystems.

A spokesman for CardSystems didn't respond to numerous messages left by a reporter today.
Last month, MasterCard International Inc. announced that 13.9 million of its credit card numbers were among the 40 million that may have been accessed by intruders who apparently infiltrated CardSystems' network (see Security breach may have exposed 40M credit cards). A MasterCard spokeswoman said the credit card company's fraud-detection system first became aware of the infiltration in May and the company promptly launched an investigation into the breach.
In a statement yesterday, Purchase, N.Y.-based MasterCard said it will continue to allow CardSystems to provide transaction processing services because the company has worked to improve its security and procedures since the earlier incidents.
"MasterCard has required CardSystems Solutions to develop a detailed plan to bring its systems into compliance with MasterCard security requirements by August 31, 2005," the statement said.

Continued...
1 | 2 | NEXT  



Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story
"I had a chuckle when I read Gregg Keizer's article "..." Read more...
Read more Security posts or See all Blogs
'Experimental' security fix is malware, Microsoft says
Tough economic climate can heighten insider threat
Top security suites fail exploit tests
More top stories...
16 e-mail and instant messaging boosters
Microsoft readies first attack forecast
NASA follows Mars successes with plans for $2B super rover
How bad? 'I thought I was going to throw up,' Jennifer Brunner recalls.
Think your project's off track and over budget? Learn a lesson or two from these infamous project flameouts.
In our hands-on testing, the new Xohm WiMax network from Sprint was fast and smooth -- but for now, you have to be in Baltimore to get it.
College student David Kernell allegedly broke into a middle school server eight years ago, according to a former teacher.
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Business Continuity Zone
The File Data Management Zone
Security Management Zone
The SAS Zone
Business Intelligence and Analytics Zone
Windows Protection Zone
The Enterprise Search Zone
Software as a Service Zone
The Security Zone

Ads by TechWords

See your link here
Moving to Windows Vista: The Promise, The Reality
Moving to Windows Vista: The Promise, The Reality
View this exclusive webcast today!
Go to the webcast 
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
(Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more.
Download this executive briefing download
Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage
Download this white paper today!
(Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
LIVEWIRE™: Full-Server Protecting and Recovery in Real-Time
Eliminate Tape Restores with TimeData CDP
Protecting Sharepoint with Double-Take for Windows 5.0
View more whitepapers