[LINK] Credit card security breach
Alex (Maxious) Sadleir
maxious at gmail.com
Fri May 27 17:19:33 AEST 2011
On Fri, May 27, 2011 at 5:03 PM, Tom Worthington
<tom.worthington at tomw.net.au> wrote:
>
> The ABC have reported "Banks cancel cards over potential security
> breach", with thousands of cards cancelled:
> <http://www.abc.net.au/news/stories/2011/05/27/3228694.htm?section=justin>.
>
> At this stage it is not clear if this is due to a problem with EFTPos
> machines, online or both. As a result I gave a somewhat vague interview
> to Channel Ten news, which is going out at about now (5pm).
Fairfax was reporting even this morning that CBA (it was only CBA
talking about a breach then) said it was due to a security breach at a
large unnamed merchant, not a bank or the eftpos network. CBA and ANZ
seem to say it's not their merchant client - I thought banks have a
responsibility to the Credit Card networks to only provide services to
large clients who comply with the Payment Card Industry Data Security
Standard. It is rumored that some banks are laxer in their auditing
and enforcement:
http://beastorbuddha.com/2010/06/16/have-some-banks-lost-interest-in-pci-dss-compliance/index.html
"The bank pinpointed the merchant in common between the accounts and,
as a precaution, cancelled the cards and reissued them, while
notifying the bank that provides services to the merchant."
http://www.theage.com.au/business/major-banks-cancel-credit-cards-after-breach-20110527-1f72w.html
Mandatory breach reporting can't come too soon...