Briefs: Company news by ProQuest


More Info

2 MINUTES ON...                                                                                                 tions,” said Dave Hogan, CIO
                                                                                                                of the National Retail Fed-
                                                                                                                eration, a trade group. “You
Merchants take on providers                                                                                     need to be a security expert.”
                                                                                                                   Hogan, an outspoken critic
                                                                                                                of PCI, wants to see technol-

       new case could set          lions of dollars in damages,           tracts, which likely immunize         ogy implemented that would
       precedence for a mer-       part of which would be used            the service providers from            protect credit card data
       chant community often       to recoup fines Visa levied             liability.                            without placing any increased
overwhelmed by the burden          against the seven restaurants             “If Radiant and Computer           burden on the retailer.
of PCI compliance. A group         following the breach.                  World have their contracts               Diana Kelley, founder of
of restaurants in Louisiana          A lawsuit of this variety            buttoned up tight, I think it’s       consultancy Security Curve,
and Mississippi have sued a        is rare – merchant against             going to be an uphill climb,”         said she understands where
point-of-sale provider and its     point-of-sale provider. How-           said Philadelphia attorney            the restaurants have a case,
distributor alleging the two       ever, legal experts said the           Andrew Baer, who advises his          considering Visa alerted
vendors were actually the ones     plaintiffs will be hamstrung           retail clients, when negotiat-        the two defendants in April
responsible for a series of data   by the wording of the con-             ing a contract with service           2007 that their systems were
breaches at the eateries.                                                 providers, to include warran-         non-compliant. The eateries
  The plaintiffs contend that                                             ties of PCI compliance and            claimed they never learned
Radiant Systems and reseller
Computer World manufac-
tured, sold and maintained
                                    7/01/10                               remedies for recovering dam-
                                                                          ages if a breach results from a
                                                                          product defect.
                                                                                                                of the warning, but Kelley
                                                                                                                said they still are required to
                                                                                                                perform a PCI assessment,
for them insecure and non-          Date by which                           That is not feasible for most       which should have caught the
PCI compliant software. This                                              merchants, who tend to lack           vulnerabilities.
                                    acquiring banks
allowed Romanian hackers                                                  leverage ability and money               “We’re going to have a
to remotely login and install
                                    must ensure their                     for counsel, Baer said.               judge put some case law on
malware, enabling them to
                                    merchants use                           “If you’ve got a small chain        where the accountability does
steal the debit and credit          PCI-certified                          that has one or two stores, I         lie,” she said. “It really could
card numbers of customers.          payment applications.                 think it’s pretty difficult for        change the landscape.”
The complaint seeks mil-                                                  them to ask the right ques-                          
To top