Companies offer to pay breach fines

[security curmudgeon <jericho () attrition org>]

http://www.scmagazineus.com/Companies-offer-to-pay-breach-fines/article/140350/

Companies offer to pay breach fines
Chuck Miller
July 21, 2009

Two credit-card payment processors are offering to cover merchants' fines 
and penalties in the event of a data breach.

However, the two companies, Heartland Payment Systems and Mercury Payment 
Systems, have different requirements that must be met before a merchant 
would qualify for coverage.

For Mercury, the retailer would have to prove it was Payment Card Industry 
Data Security Standard-compliant (PCI DSS) at the time of a breach.

This is an enticement program to get merchants involved in PCI compliance, 
Jim Mackay, Mercury's vice president of marketing, told SCMagazineUS.com 
Friday. Though there are critics who say that PCI does not go far enough, 
at least it's a step in the right direction.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php