The following story from the Washington Post attracted my attention. Full Story
– "The head of a payment processing firm that was infiltrated by
computer hackers, exposing as many as 40 million credit card holders to
possible fraud, told Congress yesterday that his company is "facing
imminent extinction" because of its disclosure of the breach and
industry’s reaction to it. "As a result of coming
forward, we are being driven out of business," John M. Perry, chief
executive of CardSystems Solutions Inc., told a House Financial
Services Committee subcommittee considering data-protection
legislation. He said that if his firm is forced to shut down, other
financial companies will think twice about disclosing such attacks." –
Are we supposed to feel sorry for this company. I am happy that the market is imposing costs for failing to provide adequate security. As I’ve stated in my presentations for about 6 years, the market is moving to a due diligence model. If you can’t be diligent, then you should not survice. If a drug company puts out drugs that kill people, the market goes after them. If your business line involves protecting sensitive information, you better protect it, lest your competitor dance on your grave. I am glad that Visa is playing hardball on this issue as market factors will be the single greatest influence on improving security in the next decade.