Quote:
Originally Posted by mikester
...(snip)...
Still, the scope of this sounds very much like an inside job to me and all the PCI compliance in the world isn't going to stop an inside job if the insider was on the security staff or had administrative rights.
You want a simple law probalby that says the data must be 'secure and private or else your organization is liable for the fraud.' Outside of that, like what HIPAA tries to do - the law should not outline the way it is done outside of saying using 'industry best practices designed to been the evolutionary curves of security breaches.'
Let a judge decide if they did their due diligence and if they did they did and if they didn't they are liable for all the consequences of not being diligent. In my opinion at least...
|
Quote:
Originally Posted by 74-911
That is the really worrisome part. Very difficult to stop that...
|
Agree completely. However, we are talking about two different but related issues. One is the security of stored data by companies, the other is the ease of applying that data to individual cards.
The ease in which cards can be counterfeited or compromised is the driving force behind attacks on data storage. The problem remains the archaic credit card system the U.S. employs. As long as thieves can easily commandeer a card because of the magnetic strip, there will be the incentive to hack into the systems for the information. Currently, the U.S. is the number one source for counterfeit/commandeered credit cards and that's why the thieves work to breach the system. If the Target breach was an inside job or not, the information would be useless (or significantly so) if the cards themselves could not be reprogrammed or pirated due to smart card technology and the thieves would be left with 40 million sets of useless data. More than likely, they wouldn't have attempted it at all because they would not benefit.