Friday, October 03, 2008

OUTSOURCING? Think again...

Outsourcing makes theft of credit-card data easier
----------

From TODAY, World
Friday October 3, 2008

NEW YORK — The reliance of restaurant chains and retail stores on outside companies to handle credit-card processing and other information-technology functions is partly to blame for a rash of consumer data breaches over the last few years, according to data sleuths.

A chain with thousands of restaurants might have only 100 employees in information technology, so it uses outside vendors for many IT functions, said Mr Bryan Sartin at Verizon Communications, which investigates a quarter to a third of the big, publicly announced data breaches that occur, and hundreds of smaller cases.

“What happens is there’s a lack of accountability on the third party,” said Mr Sartin, director of the investigative response team at Verizon Business.

Organised data-stealing gangs “go to the call centres, the Web development companies, the content development companies, the business partners, the people who pick up the backup tapes”, he said.

“They say… if you hate your boss and you’re in financial straits, we’re your solution. Give us access to your customers. Better yet, give us your data.”

In recent years, restaurant and retail businesses have accounted for more than half of Verizon’s 230 to 250 cases per year, according to a report the company issued yesterday.

It often finds that insiders at service vendors are part of the heists.

In a typical case, Mr Satin’s team was approached by a large oil company in Canada, with thousands of gas stations. Customers were finding spurious charges on their credit cards after using them at the stations. AP
Post a Comment