I had not read that Squirt - just going by what I had heard over the news actually. But right now, with all these "great" CEOs of companies (like Enron, MCI, etc) - it is very difficult to believe some of these people. It sounds like he is trying to blame someone else - when, he is in charge of the company and he did not have all the proper safeguards set up properly.

Getting CISP compliant is not easy and as you can see, it is not 100% full-proof.

And one has to wonder why it took a extra two days to notify Merrick? That should have been the first phone call - afterall, if the money cannot be collected from the merchant, it is paid by the processor. And if the money is not paid by the processor, it comes from the acquiring bank.

And this is the kicker:
As we have repeatedly acknowledged, our error was that the data was kept in readable form in violation of Visa and MasterCard security standards.
I have no idea how they could even get CISP compiant with this type of data being stored this way. You are only asking for trouble