Ziff Davis Internet
News & Resources for the IT Reseller
NewsReviewsTech AnalysisCommentarySecurityLinux/Unix
My Account |  

Larry Loeb  
CardSystems Solutions Becomes a Cautionary Tale
By Larry Loeb

Opinion: eWEEK.com’s Larry Loeb writes that everyone has a purpose. But some people—and companies—exist mostly to provide a warning for others. That’s the role CardSystems Solutions appears to have been destined for.

Poor old CardSystems Solutions got thwacked in the head with a major trout this week by Visa and American Express.

Both companies said that they would no longer do business with the ACH (automated clearing house). MasterCard has given CSS until the end of August to demonstrate compliance with MC’s standards or face the same cutoff.


It doesn’t look good for CardSystems’s long-term survival unless it can pull a rabbit out of the proverbial hat—and soon. Channel Insider Special Report: IT Spending in the Channel

You’d think that just because CSS screwed around with hundreds of thousands of credit-card accounts, that the credit-card industry would enforce the normal penalty of a wrist-slap and continue business as usual. Or at most, impose some token monetary penalty. Not this time. The industry pulled the plug.

This sends message(s) to the entire ACH infrastructure. The first is “We’re serious.”

Never before has an ACH been blackballed for security malfeasance. Never. This kind of action by the credit card companies is groundbreaking in its scope.

The second message is “Wake up, you could be next.”

All of the ACH players have to be nervous right about now. The 12-step program mandated by the Payment Card Industry Data Security Standard, which was introduced late last year, is about to be enforced by the card companies.

The standard means that “best practices” for IT, not just “acceptable practices” have to be used by anyone in the supply chain.

That means an ACH has to spend money for IT upgrades and revisions, which will standardize the IT practices for all of the card-issuing companies. Some of the ACHs won’t be ready to comply so fast. They’ve been dragging their feet on this, hoping it will go away. It won’t.

The Lesson

In a way, CSS did everyone a favor. It showed how flawed our current financial IT infrastructure is in everyday practice.

PointerMicrosoft plans to buy secure messaging company. Click here to read more.

No one ever heard of CSS before the problems arose. You won’t hear about many places that have even worse security policies in place until something goes wrong and they get caught with their firewalls down. The Channel Insider Special: Managed Services in the Channel The root problem of all of this is that our current financial system confuses identification with authorization. A social security number was always envisioned to be something that was for SS purposes only, not as something that served as an identification/authorization token.

But Federal law has changed. USC 405 [C] and subsequent sections state that it’s just fine for any state or government agency to require an individual to provide their SSN: “[…] for the purpose of establishing the identification of individuals affected by such law […].” Pretty clear.

Some businesses have come to rely on the SSN as a unique identifier for someone (and by inference a token for authorization), and this will have to stop if we are ever to have a secure financial infrastructure.

PointerAfter a series of high-profile data thefts, experts rethink network security. Click here to read more.

This may be hard to do, but we will know that a real change has happened when this kind of screw-up happens in the future and nobody really cares because it won’t adversely affect them.

Larry Loeb was consulting editor for BYTE magazine and senior editor of WebWeek. He serves as a subject matter expert for the Department of Defense’s Information Assurance Technology Analysis Center, and is on the American Dental Association’s WG-1 and MD 156 electronic medical records working groups. Larry’s latest book is “Hackproofing XML,” published by Syngress (Rockland, Mass.). If you’ve got a tip for Larry, contact him at [email protected]

PointerCheck out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.



Free Hands-On Training Lab
Find out how key features of SBS 2003 can help you open up a new line of revenue. Register now >>

SBS 2003 Sales Reference Card
This handy reference card contains features at a glance, sales objection handling, pricing guidelines & more. Get it now >>

Microsoft Empower for ISVs rewards your big idea with big benefits and support.
Access key development tools at a low cost to help you develop that idea into an innovative application. Learn more >>

Changing Business for the Better: A Practical Guide to BPM

This paper provides an overview of the benefits of BPM technologies and identifies the characteristics of BPM solutions that lead to successful BPM process-centric integration projects.

Download this free white paper to learn more!

>> brought to you by IBM

Attention Microsoft Solution Providers!

Want to gain a competitive edge? Try Microsoft Watch – FREE!

Each week you receive:
  • Microsoft News and Insider Information
  • Expert Analysis
  • Code Names of Upcoming MS Products
  • Year-Ahead Calendar, updated monthly

    Click Here to sign up now for your FREE 14 Day Trial to Microsoft Watch.
  • Add up to $1,200 of value with the new BONUS PACKS.
  • HP PartnerONE: The key to increasing your margins.
  • HP Compaq nc6129 Business Notebook. $1149 Smart Buy
  • HP xw8200 workstation. Smart Buy price $1549.
  • ProLiant DL360G4p server: HP Smart Buy price $1647
  • Microsoft files new anti-piracy lawsuits. Learn more.
  • New offers with Windows Genuine Advantage.

    •Catalog Publishing
    •Dealer Management
    •Order Configuration
    •Price Management
    •Sales Management

    View All >

    Search the jobs you want & get the info you need – post your resume here today!

    Powered by Dice
    White Boxes
    MS vs. IBM
    Linux in the Channel
    Stay in the Zone
    Put The Channel Insider on your desktop.
    Subscribe to The Channel Insider: Channel News, Reviews, Resources and more.

    Make your selections below:

    Contract Watch

    The Channel Insider Update

    Preferred e-mail format:

    Enter your e-mail:

    view all newsletters >>
    Channel Insider Quick Links
    Ziff Davis Footer Logo