Lost Credit Data Improperly Kept, Company Admits

Zak3056 writes "Last week, Mastercard announced that up to 40,000,000 credit card numbers may have been compromised by one of their processing companies. Today, the New York Times (registration, along with first born child, required) is reporting that the company in question, CardSystems Solutions, should not have been retaining that data to begin with. John M. Perry, CEO of the processor in question, claims the data was merely being kept for 'research purposes.' The number of compromised Master Card accounts has been revised downward to about 68,000, with another 132,000 possibly compromised accounts belonging to Visa, American Express, and other companies."

Credit Card Doublespeak

[Qzukk]

"The number of compromised Master Card accounts has been revised downward to about 68,000, with another 132,000 possibly compromised accounts belonging to Visa, American Express, and other companies."

Should be read as

"The number of compromised Master Card accounts from accountholders in California where we actually have to report this is about 68,000. Another 132,000 people in California with Visa, American Express, and other credit card companies' cards also had their account information taken"

this is not an error

[nilbog]

This isn't an error at all, it's actually a *feature* of your credit card agreement. Gets your card number out there so you don't have to bother giving it to retailers - they already have it!

Re:Slight difference?

[Tuxedo+Jack]

Even so, the issue is that it was still improperly retained - and that corporate America isn't giving a damn about security for the average joe's accounts and such.

Re:Full text of the article

[w98]

As for the sensitive data, he added, "We no longer store it on files."

Now they store it on tape so UPS can lose it instead.

NYT ?? What gives

[Rac3r5]

I don't wanna be a troll here, but please, there are a dozen other sites that have the same article. Do we have to rely on a site that requires u to log in?
http://www.internetnews.com/security/article.php/3 513866/

It's like the commercials

[jim_v2000]

Internet connection - $30
Homemade Computer - $700
2 Liters of Mountain Dew - $2

Stealing 40 Million people's credit card information with your 1337 h@x0r s|i77z - Priceless.

There's somethings that money can't buy, but for everything else, there's MasterCard.

Why are they still in business?

[stinerman]

From TFA:

Jessica Antle, a MasterCard spokeswoman, said that CardSystems had never demonstrated compliance with MasterCard's standards. "They were in violation of our rules," she said.

Asked about compliance with Visa's standards, a Visa spokeswoman, Rosetta Jones, said, "This particular processor was not following Visa's security requirements when we found out there was a potential data compromise."

Question:

Why is CardSystems Solutions still a processor for Visa and MasterCard?

Moral Hazzard?

[DaveInAustin]

This story on npr says that the credit card companies can actually wind up making money when a fraudulent charge is made. Does this create an incentive for them to keep things safe?

When will these companies be held responsible?

[Todd+Knarr]

That's what I want to know: when will companies that mishandle data like this be held 100% responsible to the people whose data they mishandled for the losses, fraud, etc.? I'm of the opinion that only when mishandling data results in actual financial consequences to the mishandler will things change.