Thursday, August 23, 2012

Cybertheft Crackdown My Butt

I've read several stories of late flaunting some high profile cases where it seemed law enforcement and judges were finally cracking down on cybercrimes and cybertheft. I thought we finally made the turn and were prosecuting the perpetrators (hackers) of these crimes the way they should have been prosecuted all along. Then I read this today: http://www.bankinfosecurity.com/rbs-worldpay-sentence-too-light-a-5058/op-1

In a nutshell, the mastermind of the RBS WorldPay hack, where $9 million was pilfered from U.S. bank accounts, was sentenced to 30 months in prison and ordered to pay $89,000 in restitution. Let's see, $89,000 + 30 months for $9 million, that comes out to $297,000 per month. That's a pretty good payoff. I understand that he had accomplices, so he did not pocket the entire $9 million; but many wannabe hackers reading this will see it as $9 million for 30 months. This sends a strong message: Cybercrime pays!

Until sentences are large enough to discourage the crime, nothing will change: More money will need to be spent on cyber security -- more hacking -- more money -- more hacking -- and so on…

Thursday, May 24, 2012

My Take on PCI DSS Compliance

As promised, I finished my PCI usefulness post. It can be found on the Shift4 4titude site:


As the title suggests, it is not a glowing review of PCI, or more specifically PCI DSS compliance. Anyway, I don't want to give away too much here. Enjoy.

Thursday, May 17, 2012

Global Payments Breach Growing

The latest reports I read are that the Global Payments breach started in January 2011 -- more than a year earlier than initially thought. To me the story here is that during this timeframe Global Payments went through at least two onsite PCI audits and neither caught the breach in progress. Since Visa and MasterCard were so quick to pull Global Payments' PCI certification, should they not also pull the QSA's certification(s) as well? I'm not sure whether more than one QSA was involved, nor am I certain who it was -- but that does not really matter, as my next post will describe. I am currently writing a post on the usefulness of PCI, or lack thereof. Stay tuned...