Company confirms credit card breach
Publish date: 14 November 2012
Issue Number: 1460
Diary: Legalbrief eLaw
Category: Cybercrime
The company at the centre of a major credit card security breach, which saw all four major banks increase their security and re-issue thousands of new cards last week, has confirmed the breach.
PayGate operates as an intermediary between online retailers and banks in online shopping transactions. It has a large number of online merchants as clients, among them airlines, universities, Woolworths, iTickets and accommodation booking websites. The Cape Argus reports that the Payments Association of SA (Pasa) said 'the card data emanating from these online transactions seems to have been stored in a manner which does not meet the stringent security standards expected by Pasa, the international card schemes and the banks'. PayGate managing director Peter Harvey said their systems were breached in August, exposing 'some' credit card numbers to risk, according to the report. It notes Absa, Standard Bank, Nedbank, First National Bank, as well as Woolworths, whose credit cardholders were also affected, moved to quell fears, saying any fraud as a result of the data leak would be covered by the banks.
Full Cape Argus report
In a Moneyweb column, Lucien Pierce says Pasa, Visa, MasterCard and all Pasa's bank members should be taking the data breach very seriously. After all, organisations such as Sony, Lockheed, Citigroup and the International Monetary Fund all experienced major data breaches in the past year, and all took rapid action to counter major reputational damage. 'Each of these organisations had to publicise these breaches and had to manage and repair the damage done to their reputations. It isn't only reputational damage which is suffered, but each most likely suffered some sort of financial loss. Each organisation would certainly have incurred expenditure on public relations, legal advisers and organisational changes designed to mitigate and repair the reputational damage. Pasa et al. are fortunate that the Protection of Personal Information Bill ("POPI") is not law yet. The POPI Bill, once it becomes law, will oblige organisations such as Pasa et al. to secure the integrity of personal information in their possession or under their control, by taking appropriate, reasonable technical and organisational measures to prevent the loss of personal information and unlawful access to personal information. In doing so, they will be compelled to implement generally accepted information security practices and procedures available at the time.'
Full Moneyweb column