What the F is with Visa?

Submitted by Mike Rothman on Wed, 2009-03-04 08:51.
Today's Daily Incite

March 4, 2009 - Volume 4, #22

Good Morning:
Sometimes I just sit in my office and scratch my head. It's rare that I'm speechless (very rare, just ask the Boss), but when I came across this article in NetworkWorld on Visa's latest perspective on the "new" data breach, I was pretty much paralyzed. Yesterday, SC Magazine covered it as well.

Must be Visa, MasterCard and AMEX's PR folks... In a nutshell, Visa is either being run by lawyers or the Three Stooges. It's not clear to me which one, though I'd have to side with the lawyers at first glance.

In a classic Clintonian "it depends on what the definition of is is" moment, it turns out Visa's statement on the "new" breach didn't indicate it was actually new. And now they are saying it wasn't new. Maybe customers were compromised. Or maybe they weren't. Holy crap, I'm confused.

Which is the real problem. First of all, it's clear that consumers' credit card data has been compromised. Maybe it was a new breach, maybe it wasn't. But clearly there was a successful (very successful, dare I say) attack vector and we still don't know anything about it. Instead we have word games and obfuscation from the lawyers that have to approve any messages that go to either customers or the media.

With all due respect to my Dad and all the other lawyers I call friends (most of the time), I hate lawyers. You see, this gets back to the disclosure issue. These attacks are happening, RIGHT NOW. These attacks are succeeding. Financial institutions and retailers are sitting under a two-ton anvil called the recession (some would even say depression).

These folks need to optimize their resources and make sure their defenses are in place against new and innovative attack vectors. Instead, you have their lawyers trying to decipher what Visa and MasterCard's lawyers are saying or not saying. All the while, the attackers continue to have their way with pretty much anyone and everyone (PCI compliant or not).

I know I'm asking a lot, but to hear the truth would be nice. It's all fine and dandy that Visa is now "risk scoring" each transaction to look for fraud (didn't they do that anyway? If not, what the hell do I pay my 2% per transaction for?). But they are still reacting to the attacks, not helping to address them.

Makes me want to do my best Moe imitation and give an eye poke to Larry (Visa) and a head slap to Curly (MasterCard).

Have a great day.

Photo credits: “Three Stooges” originally uploaded by NYCArthur 
