Brian Krebs reported yesterday in his Krebs on Security blog that there has been a security breach at Global Payments that "may involve more than 10 million compromised card numbers." In terms of allaying consumer concerns about mobile and internet commerce, this is not the kind of headline the industry needs.
According to CNN/Money, "Global Payments (GPN) processed $167.3 billion worth of transactions in its last fiscal year, which ended May 31, 2011. Global Payments specializing in serving small merchants, like mom-and-pop businesses and local retailers." Global Payments say that it discovered the breach in early March, but, according to Krebs, "VISA and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012. The alerts also said that full Track 1 and Track 2 data was taken meaning that the information could be used to counterfeit new cards."
Visa and MC have not directly confirmed that GPN was the source of the breach, but that fact was confirmed by The Wall Street Journal later in the day. As the story progressed, estimates of the damage went from hundreds of thousands to the present 10 million+. It was a great piece of tag team journalism that brought all of the pieces together so quickly once the initial announcement was made.
Again, according to Krebs, "Global Payments will hold a conference call Monday, April 2, 2012 at 8:00 AM EDT. Callers may access the conference call via the investor relations page of the Company's Web site atwww.globalpaymentsinc.com by clicking the 'Webcast' button; or callers in North America may dial 1-888-895-3550 and callers outside North America may dial 1-706-758-8809. The pass code is 'GPN.'" The little-known Atlanta-based company will spend the weekend trying to assess the damage, but the real question is can't more be done to prevent these breaches?
Clearly the current Payment Card Industry Data Security Standards (PCI-DSS) are inadequate and need to be revised, but better credit cards themselves would vastly increase security. Gartner security analyst Avivah Litan told CNN/MONEY that she is "skeptical about whether the credit card industry will invest the money and time required to switch to a more secure system, like 'smart cards' embedded with chips, which are used in some foreign countries. 'It's cheaper for them to deal with these breaches than to make all those chip cards.'"
This gets to the heart of consumers' fears about data security of all kindsthat their interests have been triaged to the greater cause of efficient data flow. Even if they are not actually liable for any fraudulent charges, their lives can be disrupted significantly at any momentand nobody gets reimbursed for that.
No hay comentarios:
Publicar un comentario