CardSystems Solutions Settles FTC Charges
The Federal Trade Commission has announced that CardSystems Solutions, Inc. and its successor, Solidus Networks, Inc., doing business as Pay By Touch Solutions, have agreed to settle Federal Trade Commission charges that CardSystems' failure to take appropriate security measures to protect the sensitive information of tens of millions of consumers was an unfair practice that violated federal law.
This page on the FTC web site contains various documents related to the original complaint and the consent agreement.
According to the FTC, the security breach resulted in millions of dollars in fraudulent purchases. The settlement will require CardSystems and Pay By Touch to implement a comprehensive information security program and obtain audits by an independent third-party security professional every other year for 20 years.This is the ninth FTC case targeting companies whose security practices compromised consumers' confidential financial information, and the first the Commission has brought against a credit card processor.
“CardSystems kept information it had no reason to keep and then stored it in a way that put consumers' financial information at risk,” said Deborah Platt Majoras, Chairman of the FTC. “Any company that keeps sensitive consumer information must take steps to ensure that the data is held in a secure manner.”
According to the FTC, CardSystems provided merchants with products and services used in “authorization processing” - obtaining approval for credit and debit card purchases from the banks that issued the cards. Last year, it processed about 210 million card purchases, totaling more than $15 billion, for more than 119,000 small and mid-size merchants. In processing these transactions, CardSystems collected personal information from the magnetic strip of the card, including the card number, expiration date, and other data. CardSystems then stored this information on its computer network. Pay By Touch acquired CardSystems' assets in December 2005, and now processes transactions for the same merchants CardSystems served.
The FTC charged that CardSystems engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security for sensitive consumer information. According to the FTC's complaint, these practices compromised millions of credit and debit cards, and led to millions of dollars in fraudulent purchases. In addition, after the fraud was discovered, banks cancelled and re-issued thousands of credit cards, and consumers experienced inconvenience, worry, and time loss dealing with the affected cards.
Stumble It!
Add your comment... (note that all comments are reviewed before they're published)