2012 Olympics Security to be Chosen by Sponsorship

denebian devil writes "In an Editorial/Blog at ITPRO, Davey Winder writes of a keynote speech at Infosecurity Europe by Member of Parliament Derek Wyatt. In this speech, which was about the IT security demands of running the 2012 London Olympics, Derek Wyatt MP dropped the bombshell that IT Security at the Olympics will hinge not on which companies show themselves to be the best in their field or to have the technology that best meets the needs of the Olympics, but rather on whether or not the companies were a 'major sponsor' of the Olympics. So who has bought their way into being the security experts of choice, and with whom our security and that of the visiting millions will rest? Visa."

Re:Millions of infections

[plover]

I still maintain that Visa is responsible for killing advances in credit security, rather than their current wrong-headed PCI approach to "enhance" them.

A decade ago, Mastercard came up with the Secure Electronic Transaction (SET) protocol. This protocol cryptographically ensured the security of credit card data, and was designed to be implemented in hardware at the retailers. Each one of those PIN pads is capable of participating in the SET protocol.

Visa killed it, because it rendered them irrelevant.

Visa itself isn't a credit lender. Visa is a commercialized industry group, very similar to the RIAA, providing a common badge to paste on the front of thousands of banks, and a common mode of operation for those banks. When you get a Visa card, it looks and acts like any credit card from any of the member banks. That's important because you (and the merchants you shop at) trust that if your card has a Visa logo that it will be honored. Back in the late 70s, that was vitally important because most credit commerce was conducted off-line. But now that we have ubiquitous electronic networks and everyone authorizes credit cards before accepting them, that logo means almost nothing. Now, it's a question of "does the merchant trust that they'll get paid?" The Visa logo lets the cashier know that his store does (or does not) trust the bank on the other end of the transaction. It assures the merchant that yes, this Visa member bank will pay them. But with a fully online transaction, the payment could happen automatically and securely. The merchant wouldn't care where the card came from, since the authorization went directly to the customer's bank, and their bank transferred their money instantly before the customer even walked out the door. There would be no need for intermediaries to skim their transaction fees for operating a special bank-only network, as the secured transactions themselves could take place over any public network.

This would have killed Visa. Instead, they swept SET under the rug and we've been dealing with phony cards and ID theft ever since. Now, they have a program called PCI-CISP, and it's used by Visa to deflect the blame to the merchants for leaking stolen data.