I heard the ETA has some kind of petition about Operation Choke Point. What is Operation Choke Point, and what's the big deal?
Cassidy Robbins Merchant Level Salesperson
We've been covering Operation Choke Point (OCP) for several months and can point you to several articles that will give you a good sense of what OCP is and why the Electronic Transactions Association is seeking signatures for a petition to Congress encouraging a collaborative approach to stamping out fraud pertaining to electronic transactions instead of the overly broad, litigious approach advocated by the federal government via OCP.
The most recent article we've published on this topic is "Guilt by association: The crackdown on legitimate, law-abiding businesses," by Theodore F. Monroe. It is on page 32 of this issue of The Green Sheet. Please also check out some of our prior coverage on this topic in 2014:
Thank you for your question. You can make a difference when you become informed about actions such as this and let Congress know how government intervention affects your livelihood. And you can offer informed opinions and workable alternatives that will ultimately benefit both the industry and consumers.
With the number of data breaches proliferating – The Home Depot breach that's supposedly even larger than the Target breach being the most recent I know about – I'm feeling like everything we're doing is just some sort of band-aid, or like the Dutch boy with his finger in the dike. Can the fraudsters really be that much smarter than all the talent we have in Silicon Valley and other tech centers and universities across the United States and among our allies? Isn't it time we revamp our data storage and transmission systems entirely and forget this PCI, EMV liability shift and other stuff that just seems laughable to me today as I'm getting a new ISO off the ground and wonder how I'm going to protect myself and my merchant customers going forward.
Frank Holub Holub Merchant Services
I'm sure numerous payment professionals and consumers share your concerns. We all need to have confidence in our payment system to make a living in the payments sphere and to thrive as consumers. The number and scope of recent breaches seem staggering, but vigilance can go a long way toward keeping criminal elements out of our electronic data. Early in 2014, the PCI Security Standards Council reported that "password" is still the most common password used, and that almost 80 percent of breached confidential consumer information involved compromised passwords.
So, the necessity of returning to basics and adhering to best practices cannot be overemphasized.
However, you've made an interesting point in asking, "Can the fraudsters really be that much smarter than all the talent we have … ?" It does appear to be commonly accepted that the fraudsters will always be one step ahead of us. Questioning this assumption seems to make sense. Often breakthroughs arise when basic assumptions are challenged. Developers test their systems, attempting to think like hackers to find vulnerabilities before, and after, they release their products to the public. But perhaps we, as a society, are so concerned with launching products and getting on with business that "the good guys" don't focus relentlessly enough on finding holes in our electronic data transmission and storage systems – and constantly improving them – so malicious fraudsters are kept out. Perhaps the costs/benefits analysis of prevention versus remediation is skewed. I hope some security experts weigh in on this topic.
Do you have something to say about data security or other compelling payments industry topics? Please send your questions and feedback to firstname.lastname@example.org.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next