massive data theft at MasterCard processor
Steven M. Bellovin
smb at cs.columbia.edu
Fri Jun 17 18:52:11 EDT 2005
MasterCard reported the exposure of up to 40,000,000 credit card
numbers at CardSystems Solutions, a third-party processor of credit
card data. CardSystems was infected with a script that targeted
specific data. In other words, this wasn't the usual carelessness,
this was enemy action, and of a sophisticated nature. See
http://www.mastercardinternational.com/cgi-bin/newsroom.cgi?id=1038 for
the official statement.
Designing a system that deflects this sort of attack is challenging.
The right answer is smart cards that can digitally sign transactions,
but that would require rolling out new readers to all the merchants.
That's doable, about once per decade -- and at least one credit card
vendor (JP Morgan-Chase) is using the opportunity to push out
RFID-based credit card readers instead. So the marketing department
outranks the security department -- big surprise there....
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list