

How Visa Protects Your Data - bwag
http://www.fastcompany.com/magazine/160/visa-secret-security-center

======
cstone
"This is Visa's OCE, or Operations Center East, the biggest, newest, and most
advanced of its U.S. data centers. It is a data-security heaven--and Visa's
acknowledgment that hackers are increasingly savvy, that data is an ever-
desirable black-market commodity, and that the best way to keep Visa (and its
150 million daily transactions) safe is to ensconce its network inside a
heavily fortified castle that instantly responds to threats. The OCE's 130
workers have two jobs: Keep hackers out and keep the network up, no matter
what. That's why rule No. 1 for visitors is: Never reveal its location. "On
the eastern seaboard" is as specific as Visa will allow."

uhh, right. two articles from the 90s put it in mclean, va:
[http://www.recordnet.com/apps/pbcs.dll/article?AID=/19940101...](http://www.recordnet.com/apps/pbcs.dll/article?AID=/19940101/A_NEWS/301018211)

[http://news.google.com/newspapers?nid=1298&dat=19931218&...](http://news.google.com/newspapers?nid=1298&dat=19931218&id=Z14zAAAAIBAJ&sjid=mAcGAAAAIBAJ&pg=4684,3600394)

~~~
freejack
according to this profile, it may have move to herndon.

[http://www.linkedin.com/profile/view?id=59159289&authTyp...](http://www.linkedin.com/profile/view?id=59159289&authType=OUT_OF_NETWORK&authToken=UZgy&locale=en_US&srchid=43074055-cfe0-4618-adde-c9071e62c95b-0&srchindex=4&srchtotal=57&goback=%2Efps_PBCK_visa+oce_*1_*1_*1_*1_*1_*1_*2_*1_Y_*1_*1_*1_false_1_R_*1_*51_*1_*51_true_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2&pvs=ps&trk=pp_profile_name_link)

------
CWIZO
That's cool. But after just returning from a month long road trip across USA
(I'm from Slovenia), I'm simply baffled by the lack of security when I'm
paying with my Visa card. In 97% of times I just swiped my card and the
transaction was done. 1% of the time the cashier bothered to check my ID, 1%
of the time I had to sign the check, and in 1% of the time I had to enter my
PIN number. What the hell? I'm surprised any of you yanks still have any money
left, considering how easy one can take all your money, if one comes into
possession of your card.

Here you always have to at least sign the card (and the cashier checks the
signature against the one on the card), but in most cases you have to enter
your PIN number. And I live in fricking Slovenia who was, just 5 minutes ago,
a part of a communist union ...

Anybody has an explanation for this lack of security in the states?

~~~
travisp
> I'm surprised any of you yanks still have any money left, considering how
> easy one can take all your money, if one comes into possession of your card.

In most cases, at least for Americans, if your credit card gets stolen, you
aren't responsible for any of the fraudulent charges. I've had a credit card
number stolen several times (about half travelling outside the US and half
while in the US). I never lost a dime to any of the fraudulent charges, just
several minutes of my time telling the credit card company.

~~~
tricolon
CWIZO never mentioned a credit card. He only referred to a "VISA card", which
in my experience is usually a debit card in Europe. (My limited perspective
has taught me that VISA cards are debit and Mastercard is credit. Then I came
back to the US and my situation is the opposite. Go figure.)

------
steve8918
This really doesn't sound like Visa protecting my data. It sounds more like
Visa having enough horsepower and backups so that they can keep their company
continuously running.

Not that that's a bad thing, but I really don't believe they care about
protecting our data. From personal experience, they seem to let any type of
fraud occur on your credit card, and then if you protest, then they _might_
reverse the charges. And then they issue you a new credit card number. They
would prefer to fix the problem before, putting the onus on us to determine if
fraud occurred, rather than actually prevent the fraud and protect our data.

~~~
pyre
Even when fraud occurs they are not interested in going after the source
unless that dollar amounts are high enough. I know this from personal
experience on an e-commerce site. We detected blatant fraud happening, and the
banks/card companies/processors don't care because the scale is too small.
(lots of ~$100 purchases on many, many credit cards all to the same two or 3
addresses)

------
freejack
Meanwhile, outside their data centre, they do very little to ensure customer
card security and enforce heavy-handed policies that put most of the risk on
merchants and downstream processors.

\--- obDisclosure: I am a merchant who has been defrauded hundreds of
thousands of dollars and have no love for the credit card companies.

~~~
freejack
Instead of ranting about it here, I thought it might be more appropriate to
enumerate my primary concerns in a post to my blog -
<http://www.byte.org/2011/10/28/the-visa-shakedown/>

------
andrewcooke
here it is - you can see the bend and pool.
[http://maps.google.cl/maps?q=45005+Russell+Branch+Pkwy,+Ashb...](http://maps.google.cl/maps?q=45005+Russell+Branch+Pkwy,+Ashburn,+VA+20147&ll=39.050654,-77.446444&spn=0.001262,0.001725&hnear=45005+Russell+Branch+Pkwy,+Ashburn,+Virginia+20147,+United+States&gl=cl&t=h&z=19&vpsrc=6)

(from looking at job ads)

~~~
sunchild
That is hilarious. Thank you for putting this extreme hubris in its place!

------
munin
the mantraps and hand scanners sound insane to I guess all normal people, but
in my experience that is a pretty standard level of security. I have a few 1U
servers co-located and I have to pass through multiple mantraps with palm
readers to access them.

~~~
krobertson
Agreed. Was reading through their "measures" and pretty much everything is
standard process/equipment for your typical medium to high end data center.
Man traps, batteries, generators, water cooling, avoid corrosion (uhh duh).

The only things I think they have I haven't seen before:

1) The concrete barrier and hair pin turn. Most data centers don't fear James
Bond.

2) The air lifted mailroom.

------
powertower
Does anyone know if the Fire Code specifies that "mantraps" have to open in a
fire alarm?

You should have to have an open path out in that type of a situation.

