40 Million Credit Card Numbers Stolen – Failure To Encrypt
Written by Richard A. Chapo
CardSystems Solutions’ moronic security efforts have resulted in the potential theft of information for 40 million credit cards. Hackers were able to install a rogue program, probably a Trojan, in the CardSystems security network. This program captured credit card information including the cardholder’s name, account number and verification code.
CardSystems Solutions is an Atlanta-based company. Prior to this incident, it processed approximately $15 billion in credit card transactions each year. Small businesses were the primary users of the system. The FBI and MasterCard International have launched investigations into the hack. It has become apparent CardSystems Solutions should be charged with gross negligence. The company failed to comply with MasterCard security regulations and failed to destroy the information of cardholders after the prescribed time periods.
In a matter of gross incompetence, CardSystems failed to encrypt any of the credit card data for users. This is the equivalent of your bank sending monthly account statements with all the information printed on the outside of the envelope. It is simply inexcusable and has led to potentially the biggest theft of financial information in history.
California Financial Privacy Law Partially Invalidated
Written by Richard A. Chapo
The 9th Circuit Federal Court of Appeals has dealt a blow to privacy advocates by invalidating a California privacy law. In litigation brought by the American Bankers Association and others, the appellate court overruled the finding of a trial judge that the California law could stand. Instead, the appellate justices found the law to be pre-empted in part by the federal 2003 Fair and Accurate Credit Transactions Act.
When a state law conflicts with a federal one, the federal law takes precedence. For instance, the Supreme Court has ruled abortion to be constitutionally protected. No state may pass anti-abortion laws and have them enforced.
The question at issue in the California law was a section giving California residents the right to block financial institutions from selling their private information to third parties.
A San Francisco trial judge, Morrison C. England, Jr., had ruled the section conflicted with provisions of the Fair and Accurate Credit Transactions Act, but was not pre-empted because the federal law allowed for stricter state laws. The 9th Circuit court disagreed.