Comments on: CardSystems’ CEO Speaks http://spiresecurity.com/?p=581 Risk and Cybersecurity Analysis Wed, 21 Aug 2013 23:28:51 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Axel Eble http://spiresecurity.com/?p=581&cpage=1#comment-868 Axel Eble Tue, 26 Jul 2005 09:08:08 +0000 http://spiresecurity.com/blog/?p=581#comment-868 You write:
“One final comment: It is not clear to me why everyone in the security community immediately jumps all over these folks (as they have done with ChoicePoint and others) since there is no evidence of “bad security practices” except, of course, for the incidents themselves (it could be their practices were poor, but it also could be they had better security than most other processors).”

It’s established that CardSystems kept data they were required by CISP compliance not to keep. This is a clear breach of policy and rules so in my eyes, this is not a single incident but a general lack of understanding. That they are flamed to Kingdom Come is very justified in my eyes.

]]>