[ISN] Secret hackers to aid war on internet fraud

InfoSec News isn at c4i.org
Mon Apr 19 04:56:28 EDT 2004 

Forwarded from: Malcolm McWhinnie <malcolm_mcwhinnie at mastercard.com>

[The attached letter is below as InfoSec News no longer permits 
attachments to the list.  - WK]

Dear colleagues

I have attached a letter that has been sent to the London Times, which
addresses the recent article entitled "Secret hackers to aid war on
internet fraud". I would be obliged if you can assist in the
communication process by publishing this letter on your site also.

Thank you for your assistance

Best Regards

Malcolm McWhinnie
VP Global Information Security
MasterCard International
2200 MasterCard Blvd
290 West Lake
O'Fallon MO 63366-7263
(636) 722 4220


-=-


Dear Editor: 

Online retailers may need some reassurance if they have read The 
Times' article 'Secret hackers to aid war on Internet fraud' (Monday 
5th April).  The article incorrectly implies that MasterCard is using 
secret hackers to break into online retailers systems' in a bid to 
test their security systems without their knowledge.  MasterCard does 
not recruit secret hackers to test security systems of online 
merchants.  Moreover, there is no hacking involved, at all, in our 
Site Data Protection (SDP) programme, which we publicly announced and 
launched in 2003.

SDP, and its commercially available products and tools, is used only 
with the knowledge, consent and permission of participating retailers.  
It helps online retailers to assess their web security to proactively 
defend themselves against website intrusion and secure their systems 
against fraud.  

The programme includes security standards and evaluation tools that 
help to identify possible weaknesses in online systems, highlighting 
vulnerabilities in real-time and categorising any potential risks. As 
a further check, on-line retailers may separately perform their own 
penetration testing outside the scope of SDP.

MasterCard offers SDP through our member financial institutions to 
online retailers to help them protect data stored in their systems and 
aid them in their fight against Internet fraud. 

Yours faithfully 

Brian Morris 
MasterCard Europe

More information about the ISN mailing list