[ISN] Secret hackers to aid war on internet fraud
isn at c4i.org
Mon Apr 19 04:56:28 EDT 2004
Forwarded from: Malcolm McWhinnie <malcolm_mcwhinnie at mastercard.com>
[The attached letter is below as InfoSec News no longer permits
attachments to the list. - WK]
I have attached a letter that has been sent to the London Times, which
addresses the recent article entitled "Secret hackers to aid war on
internet fraud". I would be obliged if you can assist in the
communication process by publishing this letter on your site also.
Thank you for your assistance
VP Global Information Security
2200 MasterCard Blvd
290 West Lake
O'Fallon MO 63366-7263
(636) 722 4220
Online retailers may need some reassurance if they have read The
Times' article 'Secret hackers to aid war on Internet fraud' (Monday
5th April). The article incorrectly implies that MasterCard is using
secret hackers to break into online retailers systems' in a bid to
test their security systems without their knowledge. MasterCard does
not recruit secret hackers to test security systems of online
merchants. Moreover, there is no hacking involved, at all, in our
Site Data Protection (SDP) programme, which we publicly announced and
launched in 2003.
SDP, and its commercially available products and tools, is used only
with the knowledge, consent and permission of participating retailers.
It helps online retailers to assess their web security to proactively
defend themselves against website intrusion and secure their systems
The programme includes security standards and evaluation tools that
help to identify possible weaknesses in online systems, highlighting
vulnerabilities in real-time and categorising any potential risks. As
a further check, on-line retailers may separately perform their own
penetration testing outside the scope of SDP.
MasterCard offers SDP through our member financial institutions to
online retailers to help them protect data stored in their systems and
aid them in their fight against Internet fraud.
More information about the ISN