- Article
- Comments ()
- Videos
ASSOCIATED PRESS
The criminal exploit that exposed 40 million credit card accounts to possible fraud is shedding light on an arcane but sensitive piece of the financial industry: the hundreds of companies that process transactions between merchants and card issuers.
While enormous in scope, the breach disclosed Friday at CardSystems Solutions Inc. was by no means the first such attack on a card processor.
Many analysts believe that banks and credit card companies, despite working hard to tighten their own security, have failed to force payment processors to maintain similar standards.
"They're not being watched carefully enough," said Avivah Litan, an analyst with Gartner Inc.
In recent years, card associations such as Visa and MasterCard have set up security requirements for processors to follow. No laws in particular govern this program, but the card associations can impose fines of several hundred thousand dollars for transgressions.
However, Miss Litan said aggressive audits of companies like CardSystems aren't being done.
Credit card companies "just sort of wait for them to have a breach," she said. "There's just a lot of vagaries in how it's enforced."
In fact, she said, several similar breaches have occurred and the public wasn't told.
Card processors and merchants must certify through third-party monitors that they meet the banks' and credit card associations' security standards. But complying can be a long and costly process.
Post a comment
There are comments on this article, submit your opinion!
If you feel there is still something worth mentioning about this entry please contact the author or the site admin.