A solution delivered by security firm eEye was delivered and installed at the now-notorious third-party credit card payment processor.
After a security vulnerability led to the placement of unauthorized software on its systems, CardSystems Solutions has had security firm eEye Digital provide a fix for the problem.
As has been reported numerous times, the vulnerability led to the exposure of 40 million credit cards, and at least 200,000 of them appear to have been copied and removed from the CardSystems Solutions’ network.
eEye co-founder Marc Maiffret said his company performed the installation on June 10 at the CardSystems’ Tucson facility, according to the Arizona Daily Star. Specifics of the installation were not disclosed, of course.
The specific design of certain software applications sometimes leaves security concerns incompletely addressed. And security costs money, which businesses despise spending unless it leads directly to more revenue.
It is unknown if either or both of these scenarios were the case with CardSystems Solutions. But these situations do contribute to the sort of opportunity for exploitation that led MasterCard and Visa to demand an independent security assessment of CardSystems in the wake of mounting global claims of fraudulent activity.
“There is really no standard for how all this financial information gets pushed around, and all these companies push it around a little differently,” Mr. Maiffret told the Arizona Daily Star. But that’s incorrect.
Both MasterCard and Visa have policies in place for its third-party processors that they must agree to follow. MasterCard has publicly stated a couple of times that CardSystems Solutions did not follow those policies.
David Utter is a staff writer for Murdok covering technology and business. Email him here.
