Death of a Credit Card Processor?

Not since CFS RailRoad let their CIO, CISO, and CSO go has there been such a dramatic repercussion from a security incident. That case was a result of not taking industry best practise protection against a widely predicted threat: MSBlaster attacking the RPC DCOM vulnerability in Windows.

A quick recap. Remember that Mastercard got calls from at least one bank that reported unusually high levels of fraud against credit card accounts. On investigation it was discovered that Card Services International, a major credit card processor, was storing credit card numbers on their servers and a hacker using "virus software" (read spyware), had gained access to over 40 million records.

On Monday this week Visa announced that Card Services would not be allowed to process Visa transactions. Hours ago American Express delivered what has to be the death blow to this company by announcing similar measures.

Lesson learned: Bad Security = Go out of business for companies in the credit card handling business.

Scary stuff.