MasterCard reported the exposure of up to 40,000,000 credit card 
numbers at CardSystems Solutions, a third-party processor of credit 
card data.  CardSystems was infected with a script that targeted 
specific data.  In other words, this wasn't the usual carelessness, 
this was enemy action, and of a sophisticated nature.  See
http://www.mastercardinternational.com/cgi-bin/newsroom.cgi?id=1038 for 
the official statement.

Designing a system that deflects this sort of attack is challenging.  
The right answer is smart cards that can digitally sign transactions, 
but that would require rolling out new readers to all the merchants.  
That's doable, about once per decade -- and at least one credit card 
vendor (JP Morgan-Chase) is using the opportunity to push out 
RFID-based credit card readers instead.  So the marketing department 
outranks the security department -- big surprise there....



                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to