Posted by:
admin
15 years, 12 months ago
Legislation that would have made merchants responsible for card-reissuance and other identity theft costs was vetoed by Gov. Schwarzenegger.
Schwarzenegger, a Republican, said in a message to the assembly that he decided to veto the measure because guidelines already exist that mandate merchants to protect cardholder data.
"This bill attempts to legislate in an area where the marketplace has already assigned responsibilities and liabilities that provide for the protection of consumers," he said. "In addition, the Payment Card Industry (PCI) has already established minimum data security standards when storing, processing or transmitting credit or debit cardholder information."
According to Bob Arnould, senior vice president of government affairs at the California Credit Union League, a supporter of the bill:
"The reason that legislation is needed is a majority of retailers are thumbing their noses at PCI standards and not complying," Arnould told SCMagazineUS.com today. "They decided they're going to save a buck and not protect people's data. Government is probably the only entity that is going to be able to solve the problem."
If that's true, it's a sad truth. I don't think mandating specific technologies and security requirements is the way to go. Visa and Mastercard will more quickly adapt their requirements. Eventually, government regulations will sound like "All floppy drives containing cardholder data must be...".
The problem is that while the merchants pay for the cost of fraud through the interchange fees and consumers are limited to $50 through fraud detection, consumers face other risks and costs, such as identity theft and 'credit-tainting'.
Perhaps part of the problem is the duopoly of Visa/(Mastercard/Amex). Banks can now issue Amex cards without getting kicked out of Visa/Mastercard. So why aren't we seeing a credit card that offers consumers more protection? Seems like a credit card that comes with a 'credit-lock' service is a benefit to me as a consumer and to the issuer - less competition!