CardSystems Solutions, the credit-card payment processor at the center of one of the biggest data breaches in recent history, said on Thursday that it hoped to comply with the industry's security standards by the end of next month, at least eight months after data thieves installed software on its computer network to facilitate a break-in.
CardSystems disclosed last month that its computer network in Tucson, Arizona, had been compromised, putting the sensitive account information of as many as 40 million cardholders at risk for fraud.
The company's chief executive, John Perry, acknowledged that CardSystems had been improperly storing data, violating Visa and MasterCard security rules.
On Thursday, CardSystems said it had hired AmbironTrustWave, a security auditor based in Chicago, to assess its data-protection technology, policies and practices. Perry said on June 19 that data thieves had obtained from CardSystems' computer network a file containing the names, account numbers and security code data of about 200,000 cardholders. A person briefed on the matter said that software had been installed secretly on the network to facilitate the theft.
MasterCard and Visa said storing the information on the 200,000 cardholders, even for what Perry called "research purposes," was in violation of their security rules.
At the time, Perry said that the company was taking steps to remedy that practice and that it "no longer stored that data on files." It is unclear if CardSystems was working with another security specialist at that time, but since the incident was disclosed, it said it has bought new software to bolster data protection.
While MasterCard disclosed the incident on June 18, it said that it had focused on CardSystems from as early as April this year. MasterCard did not conclude that the processor's systems had been breached until a forensic investigation by Cybertrust of Herndon, Virginia, in mid-May. But an Australian bank said that it was able to detect fraud related to CardSystems as early as the end of last year.
Even before the breach, CardSystems had taken steps to improve its security. In December 2003, it hired Cable and Wireless Americas, now part of Savvis Communications, to conduct a similar security audit for compliance with Visa rules. Savvis said the company made some improvements and was certified by Visa in June last year. MasterCard said CardSystems was never certified as compliant with its security rules; Visa said CardSystems was no longer in compliance after Visa investigated the processor in May.
Nonetheless, CardSystems was allowed to handle millions of consumer transactions by both card companies and other major brands like Discover Financial and American Express.
STILL DANGEROUS: The typhoon was expected to weaken, but it would still maintain its structure, with high winds and heavy rain, the weather agency said One person had died amid heavy winds and rain brought by Typhoon Krathon, while 70 were injured and two people were unaccounted for, the Central Emergency Operation Center said yesterday, while work and classes have been canceled nationwide today for the second day. The Hualien County Fire Department said that a man in his 70s had fallen to his death at about 11am on Tuesday while trimming a tree at his home in Shoufeng Township (壽豐). Meanwhile, the Yunlin County Fire Department received a report of a person falling into the sea at about 1pm on Tuesday, but had to suspend search-and-rescue
RULES BROKEN: The MAC warned Chinese not to say anything that would be harmful to the autonomous status of Taiwan or undermine its sovereignty A Chinese couple accused of disrupting a pro-democracy event in Taipei organized by Hong Kong residents has been deported, the National Immigration Agency said in a statement yesterday afternoon. A Chinese man, surnamed Yao (姚), and his wife were escorted by immigration officials to Taiwan Taoyuan International Airport, where they boarded a flight to China before noon yesterday, the agency said. The agency said that it had annulled the couple’s entry permits, citing alleged contraventions of the Regulations Governing the Approval of Entry of People of the Mainland Area into the Taiwan Area (大陸地區人民進入台灣地區許可辦法). The couple applied to visit a family member in
CELEBRATION: The PRC turned 75 on Oct. 1, but the Republic of China is older. The PRC could never be the homeland of the people of the ROC, Lai said The People’s Republic of China (PRC) could not be the “motherland” of the people of the Republic of China (ROC), President William Lai (賴清德) said yesterday. Lai made the remarks in a speech at a Double Ten National Day gala in Taipei, which is part of National Day celebrations that are to culminate in a fireworks display in Yunlin County on Thursday night next week. Lai wished the country a happy birthday and called on attendees to enjoy the performances and activities while keeping in mind that the ROC is a sovereign and independent nation. He appealed for everyone to always love their
‘EXTREME PRESSURE’: Beijing’s goal is to ‘force Taiwan to make mistakes,’ Admiral Tang Hua said, adding that mishaps could serve as ‘excuses’ for launching a blockade China’s authoritarian expansionism threatens not only Taiwan, but the rules-based international order, the navy said yesterday, after its top commander said in an interview that the Chinese People’s Liberation Army (PLA) could blockade the nation at will. The object of Beijing’s expansionist activities is not limited to Taiwan and its use of pressure is not confined to specific political groups or people, the navy said in a statement. China utilizes a mixture of cognitive warfare and “gray zone” military activities to pressure Taiwan, the navy said, adding that PLA sea and air forces are compressing the nation’s defensive depth. The navy continues to