Thursday, June 23, 2005

Bank in Utah Says Its Data Was at Risk in Intrusion

Eric Dash writes in the NY Times (registration required):

A small bank in Utah is the latest company to become entangled in the controversy over a security breach that has put personal data on 40 million cardholders at risk for fraud.

The Utah institution,
Merrick Bank, began using CardSystems Solutions - the processor from which the information was stolen - when it bought a portion of Provident Bank's merchant business in November 2004. Merrick acknowledged yesterday that CardSystems had not complied with Visa and MasterCard's security standards, but would not say when it became aware that the company was not following the rules, or whether the violations occurred under its watch.

The timing is important because those violations have placed Visa, MasterCard and American Express cardholders at risk for fraud. It is also critical because those payment companies have said that banks that hire third-party processors are responsible for ensuring that those companies are in compliance.


Post a Comment

<< Home