I thought there was something announced back in March concerning a major VISA/MC compromise. But maybe I am confusing it with the one late last year. On the whole they undoubtedly try to keep it pretty hush. Undoubtedly many CCs are compromised daily, but many incidents may be small in scope and affect only a limited number of cards. Sort of like accidents. You hear about the major ones, but the less dramatic ones, perhaps even where loss of life is involved, might not get much attention. In these cases the CC companies just contact those affected, if they even ever find out about the source of it at all.
As far as the caring goes, of course they don't care about you, and except for California I don't think there are really many regulations with any real teeth on what they have to notify about.
Talking about security, and to show how little companies care about your data: I was in the middle between a 3rd party vendor that wanted to change the transfer method of a file containing employee full names, home addresses, and social security numbers and a Fortune 500 company that I was working for. The file had been going PGP encrypted, but the vendor wanted to change it to an unencrypted file over SSL (resulting in encryption during transfer, of course) to a public-facing drop server. My primary concern was that this file would be sitting unencrypted on a public-facing server that wasn't even cleaned up regularly, so I punted the change to the corporate security group asking for their approval of the change, hoping they would help shoot the change down. Their reply? They asked if there was CC data in the file. I said no. They said fine, we don't have a problem with the transfer change. I asked them if this wasn't backward and shouldn't SS numbers be treated even more sensitively than CC numbers. Their reply? We have a legal obligation to protect CC numbers but only a moral obligation to protect SS numbers. This is of course BS, but that is the conclusion of the head of a Fortune 500 company's security group. If these had been CC numbers, they said they would have required that they not only be encrypted in transfer but at "rest" too. This pisses me off. A SS number, name, and home address is certainly at least as important to protect as a CC number. In fact, undoubtedly much much more so.
posted by 69.11.128...