Security threats Toolkit
Story: Hacking scandal blamed on broken rules
An absolute disgrace. I have worked for a PSP which was forced to comply with Visa AIS regulations, which specifies encryption levels for capturing and storing card data. The fact that a major processor has been allowed to continue without being audited is a complete sham.
The PSP should be heavily fined, and the card issuers should also be fined for not forcing appropriate levels of security to be maintained.
In my experience of dealing with them, the card companies form the biggest obstacle to card security, as regarldess of fraud they still get their money, normally from the vendor, removing any incentive for improvement.
Full Talkback thread








