SecurityCurve Weblog

Sucks to be a QDSP nowadays

I came across a reference to the sports authority stripe-data incident on Emergent Chaos today. What was really interesting to me was the alacrity with which Sports Authority sold out their PCI assessor.

Chas Withers, a spokesman for Sports Authority, said it was surprised by the discovery, because a Visa U.S.A.-approved assessor had told the company it was not storing such information.

Thanks, Chas. You're storing magnetic stripe data (in direct violation of Visa operating regulations) somewhere in a dusty nook of your infrastructure. Makes perfect sense that your assessor is at fault for not finding it for you.

You ever get the feeling that West End Games' Paranoia division is somehow responsible for PCI?

Posted by Ed at February 4, 2006 05:15 PM