Card processor accepts 20-year settlement with US authorities


Tash Shifrin

Payment processor CardSystems has agreed a settlement with the US Federal Trade Commission (FTC) over charges that it failed to protect sensitive information about tens of millions of consumers.

The FTC said failure to take appropriate measures to protect the consumer information was an unfair practice that violated US federal law. The security breach – the largest ever compromise of financial data – resulted in millions of dollars of fraudulent purchases, the FTC said.

Under the terms of the settlement, CardSystems and its successor, Pay By Touch Solutions, must implement a comprehensive information security programme, including administrative, technical and physical safeguards, which must be independently audited every two years for the next two decades.

The FTC had alleged that CardSystems created unnecessary risks to the information by storing it, did not adequately assess the vulnerability of its computer network to commonly known or reasonably foreseeable attacks and did not implement simple, low-cost, and readily available defences.
The company also failed to use strong passwords to prevent hackers taking control of its computers and getting access to personal information stored on the network. It did not use sufficient measures to detect unauthorised access to personal information or to conduct security investigations, the FTC charged.

CardSystems faces potential liability “in the millions of dollars” under bank procedures and in private legal action for losses related to the security breach, the FTC said.

Last year a US court ordered CardSystems and its co-defendants to keep all information and evidence relating to the security breach, in a class action brought by California credit card holders after hackers broke into the CardSystems computer network.

