Originally published July 15 2005
Cardsystems Solutions breach came after inspection proved it was compliant with standards
by Mike Adams, the Health Ranger, NaturalNews Editor
While Visa and MasterCard, on a second glance, found CardSystems lacking in security safeguards, the certification in June 2004 indicates that CardSystems was compliant with the safety standard.
Visa spokeswoman Rosetta Jones told Wired News that CardSystems Solutions received certification in June 2004 that it was compliant with the standard, but an assessment after the breach showed it was not compliant.
MasterCard International announced last Friday that intruders had accessed the data from CardSystems Solutions, a payment processing company based in Arizona, after placing a malicious script on the company's network.
The company was due this month for an annual audit to determine its ongoing compliance with the standard when it discovered the data breach in May.
The standard, called the Payment Card Industry Data Security Standard, or PCI, consists of 12 requirements (PDF), such as installing a firewall and anti-virus software and regularly updating virus definitions.
It applies to any merchant or service provider that processes, transmits or stores credit-card payments and places additional requirements on card issuers, such as banks, to ensure that merchants and service providers comply with the requirements and report breaches in a timely manner.
Since 2001, any business wishing to process credit-card transactions had to sign a contract binding them to the PCI standard and obtain a security audit from an approved assessor certifying their compliance.
The compliance requirement for the data standard goes into effect as federal lawmakers are discussing legislation to regulate businesses that deal with sensitive personal information in the wake of other high-profile data breaches and security failures at companies like ChoicePoint, Bank of America and CitiBank.
Schneier said the PCI standard has teeth, since it levies financial penalties and raises the cost of processing credit cards for companies that are caught not complying, but he said Visa and MasterCard now have to work out the compliance issues.
All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. NaturalNews.com is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit www.NaturalNews.com/terms.shtml