The CardSystems blame game
Mark Rasch, 2005-08-01

On July 21, 2005, the United States House of Representatives Committee on Financial Services, Subcommittee on Oversight held a hearing on "Credit Card Data Processing: How Secure Is It?" Of course, just by asking the question, you already know what the answer is going to be: not a disaster, but about as secure as you might imagine.

The CardSystems blame game 2005-08-02
Anon O. Mouse
The CardSystems blame game 2005-08-02
Craig S Wright
The CardSystems blame game 2005-08-03
Anonymous
The CardSystems blame game 2005-08-05
Alex Chin
In a stricter sense, C&W did not conduct an audit at all. Using the word audit is quite all-encompassing, and it needs to comply with various standards, not just the CISP standards set by VISA. To even call it an audit or external audit, there are AICPA and ISACA standards to comply with.

It is not clear whether the scope of work conducted by C&W is an agreed-upon procedure or a high-level assessment. This can be distinguished by the level of testing to obtain corroborative evidence. It is very true that management needs to know what they are buying. But there are also CONsultants who will claim that they are doing an audit, and when we ask what the difference is between an audit and a review, half the time they may not know how to distinguish. The idea is to shop around and you will soon know the difference between the real McCoy and the snake oil.

The CardSystems blame game 2005-08-08
Anonymous







 

Copyright 2007, SecurityFocus