Thursday, April 23, 2009

Easily Hacked Company Awarded IRS Contract To Use Your Data

If the Obama administration wants to take the lead in enhanced cyber security, perhaps they should start with their very own Internal Revenue Service.

The IRS has awarded a huge contract for processing tax return payments to RBS Worldpay, a firm that recently reported that hackers gained access to 1.5 payroll card holders and nearly 1.1 million Social Security numbers that they were supposed to be protecting.

As it turns out, RBS was found to not be PCI compliant, according to VISA. That's pretty bad news when your main business is processing credit card transactions, and PCI was designed to ensure adequate controls exist within the credit card industry.

The IRS claims that RBS will not be able to process credit card transactions until 2010, and that not only will RBS need to re-gain PCI certification, but also pass a payment security audit from the IRS.

Since past behavior is a good predictor of future events, you may want to consider not paying your taxes by credit card.

It's hard to lose $1000 in rolled nickels.

Security Fix - IRS Awards Tax Payment Contract to RBS Worldpay


No comments:

Post a Comment

Please tell me what you think.