Friday, March 16, 2007
Although the use of the Internet to buy and sell online has
introduced a slew of security concerns within the payment services
industry, Visa USA president and CEO John Philip Coghlan insists that
technology is the solution to combating fraud -- not the cause of it.
Coghlan also pointed out during Visa's security summit in Washington,
D.C., Thursday that data breaches are neither random nor inevitable if
proper security measures are taken.
The TJX data breach
"was a stark reminder to all of us that such events can have vast reach
and consequences," Coghlan said. Such breaches create mistrust and can
undermine efforts made to build a good brand image. But, he made clear,
"the majority of compromises come from storage of prohibited data and using vulnerable systems to process data."
TJX, the parent company of retailers T.J. Maxx, Marshalls, HomeGoods,
and others, made headlines in February when it revealed an attack on
its systems had resulted in the theft of customer information.
Just as the headlines were threatening to die down, TJX announced a few
weeks later that intrusions into its system actually began as early as
July 2005, rather than beginning in May 2006 as the company had
originally reported.
While the exact nature of the TJX data breach has not yet been
revealed, in general, financial information is stolen in a number of
ways, including the physical theft of a wallet, checkbook, or credit
card; theft of information from one's home by friends, relatives, or
in-home employees; phishing messages that trick people into divulging information to fraudsters; hacks, viruses, and spyware on a PC or ATM machine; and a corrupt business employee with access to your records.
But data theft is not random. Instead, it's perpetrated against
businesses with the weakest security and the most valuable information,
Coghlan said Thursday, adding, "More than 80% of all dollars lost come
from 20% of fraudulent transactions."
3:39:19 PM
Very revealing speech last week by John Coghlan, Visa USA's CEO, who insists that the technology is available to prevent cardholder data falling into the wrong hands.
In a speech at Visa's security summit in Washington late last week, Coghlan said that cardholder data breaches are neither random nor inevitable if proper security measures are taken.
The TJX (TJ Maxx) data hack, he said, "was a stark reminder to all of us that such events can have vast reach and consequences."
According to Coghlan, such hacks can create mistrust and undermine efforts to build a positive brand image. But, he said, the majority of system compromises result from the storage of prohibited data and using vulnerable systems to process data.
3:36:34 PM
PATRIOT Act Apologist Site Didn't Get the Memo. Last week, the Department of Justice Inspector General's office released a damning report documenting the FBI abusing its powers under the PATRIOT Act and violating the law to collect Americans' telephone, Internet, financial, credit, and other personal records about Americans without judicial approval.
It appears that not everyone at the DOJ got the memo. The DOJ's Life and Liberty website, a site dedicated to defending the honor of the PATRIOT Act during the re-authorization process last spring, still reads as if nothing has changed. Particularly in the light of the newly revealed truth, many of the quotes now seem (at best) naive.
Under the headline of "Examining the Facts", the DOJ asserts that PATRIOT has "four-year track record with no verified civil liberties abuses." The site quotes an op-ed by former House Judiciary Committee Chairman James Sensenbrenner:
Zero. That's the number of substantiated USA PATRIOT Act civil liberties violations. Extensive congressional oversight found no violations. Six reports by the Justice Department's independent Inspector General, who is required to solicit and investigate any allegations of abuse, found no violations.
Wow, that sure sounds good. Unfortunately, the new report reveals that is simply not true: the inspector general identifies dozens of instances in which extra-judicial demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations.
In the Archive section, the site includes quotes from an op-ed by Senator Pat Roberts responding to critics like ourselves:
I regret to say it, but the rhetoric of those opposed to permanently authorizing the act has no substance and borders on paranoia. Opponents have criticized the act for years but can cite only hypothetical abuses. Facts are stubborn things. The actual record is quite clear - there have been no substantiated allegations of abuse of Patriot Act authorities, period.
Critics could only point to hypothetical abuses because the fox was guarding the hen house. Senator Roberts also opined that:
Through aggressive congressional oversight, we know the FBI uses Patriot Act authorities within the law.
It's now clearer than ever that the oversight was not aggressive enough, with the report documenting that the FBI deceived Congress about its use of the letters. The report is likely only the tip of the iceberg. Immediate and thorough oversight hearings are necessary to uncover the truth and hold the Administration accountable.
Tell Congress to defend your privacy now. [EFF: Deep Links]
2:45:28 PM
© Copyright 2007 Paul Hardwick.
Last update: 3/18/07; 5:16:29 PM.