Minn. AG should investigate Coleman, local web developer says
Photo by fosforix
At least one local Web developer has formally contacted the Minnesota Attorney General's office asking them to investigate Coleman's campaign for possible consumer protection violations. Will they take up this case?
Tony Webster has submitted a letter to AG Lori Swanson reviewing that issue and calling out the campaign for violations. CP has reported on similar concerns.
Here is an excerpt:
As a website that accepts payments via credit card, the Coleman campaign is bound by the Payment Card Industry Security Standards (PCI DSS), a unified set of rules agreed to by all major credit card companies, banks and card processing services. According to PCI DSS, Requirement 3, the storage of credit card numbers is permitted as long as it is "...required for business, legal and/or regulatory purposes." In any case, the card number must be protected by encryption. If the expiration date is stored, it must also be encrypted. In no case should the three or four-digit security code on the back of a credit card ever be stored, regardless of the reason and regardless of the protection or encryption used.
View the full PDF letter here. (via)
At this point, it's clear that the Coleman campaign took several negligent steps in the matter: (a) the improper storage and collection of full credit card numbers, expiration dates and card security codes, (b) the database contents being exported from the database to a database file, (c) the misconfiguration of the Coleman campaign website, and (d) the further publication of the database file to the internet.
We've contacted Swanson's office and left a message, but haven't received a response about additional letters submitted or a potential investigation from their office. If you have also submitted a letter to authorities on this matter, please contact Blotter.