RE: [ISN] Secret hackers to aid war on internet fraud

From: InfoSec News (isn@private)
Date: Mon Apr 19 2004 - 01:56:28 PDT

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - April 16th 2004"

    Forwarded from: Malcolm McWhinnie <malcolm_mcwhinnie@private>
    
    [The attached letter is below as InfoSec News no longer permits 
    attachments to the list.  - WK]
    
    Dear colleagues
    
    I have attached a letter that has been sent to the London Times, which
    addresses the recent article entitled "Secret hackers to aid war on
    internet fraud". I would be obliged if you can assist in the
    communication process by publishing this letter on your site also.
    
    Thank you for your assistance
    
    Best Regards
    
    Malcolm McWhinnie
    VP Global Information Security
    MasterCard International
    2200 MasterCard Blvd
    290 West Lake
    O'Fallon MO 63366-7263
    (636) 722 4220
    
    
    -=-
    
    
    Dear Editor: 
    
    Online retailers may need some reassurance if they have read The 
    Times' article 'Secret hackers to aid war on Internet fraud' (Monday 
    5th April).  The article incorrectly implies that MasterCard is using 
    secret hackers to break into online retailers systems' in a bid to 
    test their security systems without their knowledge.  MasterCard does 
    not recruit secret hackers to test security systems of online 
    merchants.  Moreover, there is no hacking involved, at all, in our 
    Site Data Protection (SDP) programme, which we publicly announced and 
    launched in 2003.
    
    SDP, and its commercially available products and tools, is used only 
    with the knowledge, consent and permission of participating retailers.  
    It helps online retailers to assess their web security to proactively 
    defend themselves against website intrusion and secure their systems 
    against fraud.  
    
    The programme includes security standards and evaluation tools that 
    help to identify possible weaknesses in online systems, highlighting 
    vulnerabilities in real-time and categorising any potential risks. As 
    a further check, on-line retailers may separately perform their own 
    penetration testing outside the scope of SDP.
    
    MasterCard offers SDP through our member financial institutions to 
    online retailers to help them protect data stored in their systems and 
    aid them in their fight against Internet fraud. 
    
    Yours faithfully 
    
    Brian Morris 
    MasterCard Europe
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Mon Apr 19 2004 - 03:06:32 PDT