Peter’s Soapbox
Heartland and RBS De-listed From PCI List
March 17, 2009 on 8:52 am | In Security, Techspeak | 1 Comment
This Tech Target article explains that RBS and Heartland have “got some splainin’ to do.”
“In a statement released Friday, Visa said it was removing the payment processors based on “compromise event findings.” RBS WorldPay’s disclosure on Dec. 23 that it was breached was followed by Heartland’s Jan. 20 announcement that hackers broke into its systems.”
It pleases me to see some sort of repercussion for security risks and compromises here. I hope that this really shakes them up and, more importantly, wakes them up.
1 Comment
I bet if Visa started charging them 1% more on every transaction until they got into compliance it’d never happen again. PCI, from the audits I’ve been through, looks like a list put together by a college intern reading C|Net news articles about break-ins and doesn’t come close to ensuring a secure environment. Unfortunately several of the more baroque requirements, especially in the first versions, lead to high merchant costs and lowered security (e.g. hashed passwords were forbidden, only crypt()’ed was allowed; line-printers required for system logs, etc.). All so Visa doesn’t have to spend money on post-1960’s security!
I wonder if they’ll release details. ‘Malware’ makes it sound like some n00b was using unsecured Windows on a secure network.
Comment by bill_mcgonigle — March 17, 2009 #