Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Global Payments Breach Made Worse By Failure to Disclose

Barracuda Networks : 04 April, 2012  (Technical Article)
Barracuda Networks comments on the credit card information data theft from Global Payments and the subsequent lack of disclosure
Global Payments Breach Made Worse By Failure to Disclose
After the large-scale theft of credit card user data from Global Payments, a service provider of MasterCard payment processing, Barracuda Networks comments on the failure to disclose a breach immediately making a bad security incident much worse.
 
Wieland Alge, General Manager of Barradcuda Networks EMEA commented:

“It is hardly surprising that credit card data is targeted by cyber-criminals – it’s potentially worth a truckload of money.  However, if the financial sector is expected to maintain the highest possible security standards and keep their losses to a minimum, why did Global Payments Inc take so long to admit something was wrong?

The guidelines laid out in the PCI DSS standard are legally binding for companies in the financial sector. They include technological as well as procedural specifications to minimize the risk of theft.

While we must assume the company was fully compliant to standards, there is no such thing as 100% security. It’s the same on the high street - bank robberies will still happen even though physical security measures are getting tighter and tougher.

Aside from the breach itself, Global Payments Inc should face the music for taking so long to publicize the breach.   Any delay increases the possibility of customers being affected. There are only two possible explanations for a delay, neither of them positive: either the theft has not been detected earlier, which would be a grave security lapse; or they chose not to communicate the breach sooner, which is simply unacceptable.

The prompt and frank disclosure of security incidents is central to containing the fallout, protecting the customers affected and defending against future attacks on potential victims.

As long as data breaches are made public promptly, then damage can be limited. Of course, having to change credit card numbers is a major irritation to those affected, but delayed disclosure is by far worse.

In this case, the bad guys have been given ample time to do their deeds and rip off unsuspecting even more customers.  The time between fraud detection and taking action is crucial.  If banks and financial institutions fail to move fast then everyone, aside from the bad guys of course, will lose.” 
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo