GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

New payment player flexes muscle


Industry Update

Interchange dodges a bullet

Two more terminal types under PCI SSC umbrella

Small-business confidence rising

Contactless faring well

Terrorism funded with stolen data

Flying for wishes, Isaacman sets record

Visa Inc. interchange rates as of April 2009


Data security dominates ETA Expo

Selling Prepaid

Prepaid in brief

The Fair Gift Card Act of 2009:
Good intentions, disastrous results

Brad Fauss
Springbok Services Inc.

The ISO challenge: Selling prepaid

Drilling down on the prepaid-unbanked relationship


Protect merchants with the basics

Biff Matthews
CardWare International

The drive toward integrated solutions

Robbie Lopez

Extending security beyond assessments

Michael Petitti


Street SmartsSM:
What does your billboard say?

Jon Perry and Vanessa Lang

What it takes to thrive in business

Curt Hensley
CSH Consulting

PCI: Taking the proper path

Tim Cranny
Panoptic Security Inc.

Facing the elephants

Jeff Fortney
Clearent LLC

Company Profile

Merchant Cash and Capital

New Products

Private pathway for POS data

Company: Apriva

Boundless processing


Revenue streams through referrals

AdvanceMe Inc.


Capitalizing on distractions


2009 Calendar of events



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

May 11, 2009  •  Issue 09:05:01

previous next

Terrorism funded with stolen data

Andrew R. Cochran, founder and Co-Editor of the Counterterrorism Blog, delivered a statement dated March 31, 2009, to the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology Hearing, United States House Committee on Homeland Security. The statement entitled "Do the Payment Card Industry Data Standards Reduce Cybercrime?" outlined a number of instances in which stolen U.S. credit cards were used to fund terrorist attacks.

Cochran asked the subcommittee to review the evidence he was presenting and "the effectiveness of the PCI standards to reduce data breaches, identity theft and the potential funding of terrorism." He also extended an offer to assist them in that mission. The Counterterrorism Blog, with its host of experts from both the government and private sector, reports on and analyzes terrorist attacks and counterterrorism policies.

Cochran chaired a special panel in February 2009, Meta-Terror: Terrorism and the Virtual World. His statement to the subcommittee summarized information from that event and pertinent entries in the Counterterrorism Blog by its experts, including Dennis Lormel, who led the FBI's investigation into the financing of the Sept. 11 terrorist attacks. The following was included in his summary.

The plastic trail

#h4 Call for collaboration

Tom Donlea, Executive Director of the Merchant Risk Council, said, "We feel there is a need for greater collaboration from the various players involved with protecting the security of online transactions. ... There are barriers between private industries and government for collaboration, and as a nonprofit trade association, we can play a facilitating role and help increase the connectivity and collaboration. "Businesses get tired of giving information to law enforcement and government and never hearing anything back. ... A lot of [the fraud information] is originated with various government entities, and they're not coordinating with each other. So merchants have to hunt around in six or seven different places."

After his keynote address to the MRC's 7th Annual e-Commerce Payments and Risk Conference in March 2009, former U.S. Congressman, Governor of Pennsylvania and the country's first Secretary of Homeland Security, Tom Ridge, said, "When I was in the White House, Dick Clarke, Howard Schmidt and a few other people built a national strategy for cyber security. It got a little notoriety and then it was ignored."

Ridge said the fight against cybercrime won't be won without collaboration with the private sector. Theodore Svoronos, Vice President, Business Development & Strategic Partnerships with Group ISO Inc., said, "The public sector and the private sector are running parallel tracks with no intersection. ... There is a huge disconnect between the two sectors. The federal government doesn't understand our side of the industry well enough to know what's needed and how to roll it out - and how to actually monitor it." Svoronos said the government has resources to test security that the private sector lacks.

Finding solutions

Svoronos added that there need to be greater consequences for not properly securing sensitive data. The obvious consequence of lax security is data breaches. But there doesn't seem to be a consequence for not being compliant with the Payment Card Industry (PCI) Data Security Standard (DSS) before a breach occurs. No one is really enforcing the PCI DSS, according to Svoronos.

Ridge suggested that the government should "take the intellectual firepower of the private sector, and all that experience and all that expertise and embed it - I mean we embedded journalists fighting the war on terror - [the government ] ought to embed the private sector cyber experts into our operations around the United States to come up with a more holistic solution."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios