The CardSystems blame game
Mark Rasch, 2005-08-01

On July 21, 2005, the United States House of Representatives Committee on Financial Services, Subcommittee on Oversight held a hearing on "Credit Card Data Processing: How Secure Is It?" Of course, just by asking the question, you already know what the answer is going to be: not a disaster, but about as secure as you might imagine.

The CardSystems blame game 2005-08-02
Anon O. Mouse
I wonder if it's only a matter of time before the congressional hearing examines the scope and structure of the audit contract and assigns culpability.

I just hope they have the ability to either grasp the finer points of a highly technical agreement in the context of a sec. audit or that ...

The CardSystems blame game 2005-08-02
Craig S Wright
The first question is "what audit". C&W did not complete an audit. An audit of controls would be a check against the standards. In this case the CISP from VISA.

If C&W audited CardSystems based on the standard they could not have just stopped at the couple servers identified by the client. The CI...

The CardSystems blame game 2005-08-03
Anonymous
It's always easy to blame the auditor. What people don't understand is that if the target's management wants to hide something, they will, and the auditors need not know about it. Remember Enron? Compliance != security (thanks PhilH)....

The CardSystems blame game 2005-08-05
Alex Chin
In a stricter sense, C&W did not conduct an audit at all. Using the word of audit is quite all encompassing and needs to comply to various standards and not just the CISP standards set by VISA. To even call it an audit or external audit there are AICPA and ISACA standards to comply with.

The s...

The CardSystems blame game 2005-08-08
Anonymous
No matter what Perry may say about "no fraudulent" transactions, the bank I work for had identified a pattern in fraudulent transactions late last year, and by January had isolated the cases as originating from either a single bank, or its processor. I believe we may have been the institution that ...








 

Copyright 2009, SecurityFocus