PCI Compliance and Terrorism
Via The PCI Compliance Blog.
We have read complaints on other blogs about the PCI standards, claiming they are a burden for merchants and software developers. But when considering the documented link between credit card fraud—which PCI DSS was developed to fight against—and terrorism, perhaps complaints about security standards will fall silent.
Kimberly Kiefer Peretti, Senior Counsel in the Computer Crime and Intellectual Property Secti on of the U.S. Department of Justice, recently wrote an excellent white paper, “Data Breaches: What the Underground World of ‘Carding’ Reveals” [.pdf] . In this paper, she gives a concise overview of large scale data breaches by skilled hackers—who is doing it and how, as well as the implications of these breaches.
One of Peretti’s most salient points comes in her discussion of how carding—activities surrounding the theft and fraudulent use of credit and debit card account numbers—is linked to other criminal behavior, including terrorism and drug trafficking.