CBI warns on kneejerk data laws

The Confederation of British Industry has warned against a knee-jerk reaction after 40 million credit card customers were placed at risk of fraud by a hacking attack on a US credit card processor.

The Confederation of British Industry has warned against a knee-jerk reaction after 40 million credit card customers were placed at risk of fraud by a hacking attack on a US credit card processor.

The incident has sparked calls in the US Senate for a national disclosure law in the US and mandatory encryption standards, which could affect UK business trading with the US.

However, the CBI warned that there was a danger of introducing laws that could place extra burdens on businesses without helping consumers.

Jeremy Beale, CBI head of e-business, said, "Politicians are reacting by passing laws that have problems. We need good laws."

He called for the government to help encourage the wider use of digital signatures to improve the security of e-commerce and reduce the risk of identity theft.

Robbie Downing, partner at law firm Baker and McKenzie, said, irrespective of any new legislation, the incident would put pressure on businesses to demonstrate that they meet compliance regulations.

David Lacey, head of security at the Royal Mail and founder of the Jericho security forum, said the incident showed the case for better security standards.

"Our standard is that this kind of data is thoroughly protected by strong encryption even in storage," he said.

 

Card firms urged to rethink security

Credit card issuers are facing calls to rethink security procedures after 40 million customers were placed at risk of fraud by the hacking attack on a US credit card processor,

Hackers planted software at CardSystems Solutions, a payment processing company in Arizona, gaining access to millions of card details from Visa, MasterCard, American Express and other card companies.

The incident came a week after the UK's National Infrastructure Security Co-ordination Centre warned about criminal groups using targeted Trojans to obtain financial data.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close