Tag Archives: mastercard

Roundup of largest data breaches / incidents

records date organizations 130,000,000 2009-01-20 Heartland Payment Systems, Tower Federal Credit Union, Beverly National Bank 94,000,000 2007-01-17 TJX Companies Inc. 90,000,000 1984-06-01 TRW, Sears Roebuck 76,000,000 2009-10-05 National Archives and Records Administration 40,000,000 2005-06-19 CardSystems, Visa, MasterCard, American Express 26,500,000 2006-05-22 U.S. Department of Veterans Affairs 25,000,000 2007-11-20 HM Revenue and Customs, TNT 17,000,000 2008-10-06 T-Mobile, Deutsche Telekom 16,000,000 1986-11-01 Canada Revenue Agency 12,500,000 2008-03-26 LaSalle Bank, BNY Mellon Shareowner Services, Archive Systems Inc, The Walt Disney Company, SYNOVUS

3-D Secure (3DS) – Verified by Visa insecure

Security Researchers in the UK say that the 3-D Secure (3DS) system for credit card authorization, a protocol that was “developed by Visa to improve the security of Internet payments,” has significant security weaknesses. It is used by both of the ginormous card brands, known as “Verified by Visa” and “MasterCard SecureCode.”

via The Forrester Blog For Security & Risk Professionals.

PCI DSS Names New Chair

On Jan 25th, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced that Bruce Rutherford, group head, fraud management solutions, payment system integrity, MasterCard, has been appointed as the new chairperson of the PCI Security Standards Council. Rutherford will steer the Council as it works with industry stakeholders to create and release new standards in 2010.

via PCI DSS Names New Chair – DarkReading.

MasterCard: December PCI Deadline Change Not For Holiday Conflict

MasterCard’s decision to reverse itself on its end of year 2010 deadline for new Level 2 PCI requirements was not based on retail complaints or on avoiding the hectic holiday period for merchants, according to a key MasterCard manager heading up the effort. Instead, the change was based on giving retailers more time to work with a new PCI training program, he said.

via StorefrontBacktalk » Blog Archive » MasterCard: December PCI Deadline Change Not For Holiday Conflict.

MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline

The first MasterCard change made this month was pushing the Dec. 31, 2010, deadline back six months, to June 30, 2011. But MasterCard has also made two other key PCI changes. It has redefined what Level a retailer is (Level 1, 2, 3 or 4) to explicitly mirror whatever level Visa has determined. (The language used to say “competing brand.”) The last of the changes is to allow Level 1 and Level 2 retailers to perform their own assessments—using the retailer’s own salaried audit staff—as long as those audit staffers have passed PCI-approved training courses.

via StorefrontBacktalk » Blog Archive » MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline.

MasterCard Vs. Visa: Dueling Compliance Philosophies

People don’t seem to “get” MasterCard. For most of the last 4 years, MasterCard has been criticized for their apparent willingness to let Visa play the “bad guy” who issues fines to acquiring banks (and, through them, to merchants), who extends the PCI standards to application vendors (through PABP, now PA-DSS) and who generally takes the heat for PCI.

via StorefrontBacktalk » Blog Archive » MasterCard Vs. Visa: Dueling Compliance Philosophies.

MasterCard Becomes The First Card Brand To Publish PCI Fines

The noncompliance assessment structure now contains escalating assessments per violation within a calendar year,” said the document sent to members earlier this summer. “Maximum assessments for initial noncompliance for Level 2 and Level 3 merchants have increased to $25,000 and $10,000, respectively. Furthermore, the $500,000 annual aggregate maximum for acquirer noncompliance assessments related to program noncompliance has been discontinued.

via StorefrontBacktalk » Blog Archive » MasterCard Becomes The First Card Brand To Publish PCI Fines.