[fc-discuss] Financial Cryptography Update: USA credit system is totally compromised, security-wise

iang@iang.org iang@iang.org
Sat, 18 Jun 2005 13:57:52 +0100 (BST) 

 Financial Cryptography Update: USA credit system is totally compromised, security-wise 

                             June 18, 2005


------------------------------------------------------------------------

https://www.financialcryptography.com/mt/archives/000508.html



------------------------------------------------------------------------

I wondered when we'd see this.	Tao points to news that 40 million card
breaches have occurred:

"MasterCard International reported today that it is notifying its
member financial institutions of a breach of payment card data, which
potentially exposed more than 40 million cards of all brands to fraud,
of which approximately 13.9 million are MasterCard-branded cards. 

MasterCard International's team of security experts identified that the
breach occurred at Tuscon-based CardSystems Solutions, Inc., a
third-party processor of payment card data."

This AP story mentions "the security breach involves a computer virus
that captured customer data for the purpose of fraud" and MasterCard
"did not know how a virus-like computer script that captured customer
data got into CardSystems' network, which MasterCard said was
infiltrated by an unauthorized individual."

http://taosecurity.blogspot.com/2005/06/cardsystems-solutions-intrusion
.html

http://www.mastercardinternational.com/cgi-bin/newsroom.cgi?id=1038&cat
egory=keyword&keyword=cardsystems

At this point, Americans may as well get used to the fact that their
entire data set is probably in the hands of criminals.	(Up until this
one broke, the running totals showed about 5 million.)

In my humble opinion, the credit system of the United States of America
is totally compromised, security wise.	Given the size of the
infrastructure, the complexity, the amount of money being made, the
existing mess of laws, and the hidden assumptions, it will take decades
to clean it up.

No amount of government intervention is going to make you safer, and
will probably make things more dangerous for you.  Companies have no
interest in your security, only in your continuing payments.  Get used
to it.	About all I can suggest is that each and every American learn
how the credit system works; take your own steps to secure your
identity - there are some cunning tricks.  You are on your own, for the
foreseeable future.

-- 
Powered by Movable Type
Version 2.64
http://www.movabletype.org/