gaouzts - 1:32 am on Dec 12, 2002 (gmt 0)

i'd certainly like to know more about any lawsuits like this. if you have any information / links etc that you could share (maybe by sticky mail) i'd appreciate it. sometimes it feels like i'm on a one man mission to alert people to fraud issues and show them that it really does happen and that there are ways to avoid most of it.

Unfortunately, most settlements like this never go public and many are settled out of court. Rarely do you actually see reports of this unless someone reports on a large company like the recent Authorize.net hack. The information I have is anecdotal from our attorneys but I do have some links somewhere to the big reports of service providers, like Authorize.net and others that have been hacked.

Also, we've been advised that providing we employ industry-accepted means for protecting information, such as SSL, encrypting credit card data stored on your server, etc., that, if we were taken to court, we would stand a better chance of winning. I would hate to face a judgement where someone's identity or cc info was stolen because of lack of security. It just doesn't make sense to take that risk when there are so many simple things companies can do to protect this information.

VISA has been working to develop industry-accepted practices for requiring all VISA merchants to follow if they accept the card. They have info on their web site about it. Other card companies will no doubt follow suit.