The Seattle Times: Business & Technology: 40 million credit cards at risk — I wonder what the consultants have to say about this?
More than 40 million credit-card numbers belonging to U.S. consumers were accessed by a computer hacker at a card-processing center and are at risk of being used for fraud, MasterCard International said yesterday.
MasterCard officials said all credit-card brands were affected by the breach, the largest of its kind, including 13.9 million cards bearing the MasterCard label. The company said American Express, Discover, Visa and other brands also were affected. A spokeswoman for Visa confirmed that 22 million of its card numbers may have been breached, but Discover Financial Services said it did not know if its cards were affected.
MasterCard officials said consumers are not held responsible for unauthorized charges on their cards.
MasterCard International said names, card numbers and expiration dates were harvested by a rogue program planted inside the computer network at CardSystems Solutions, one of the companies that process merchant requests for credit-card authorization. When a retailer swipes a card, the information goes to companies such as CardSystems for approval before being passed along to banks.
K. Burel
“We believe that a hacker intruded and installed some malicious code that captured card information” — in other words, you don’t know a damned thing! They haven’t a clue if it was someone inside the organization — which is most often the case — or a for-real hack attack from someone outside the network.
Most of the dolts writing this copy haven’t the smallest perception of the differences between hacking or dropping a copy of some script-kiddy code or even a waiter using an illicit card-swiping reader to duplicate credit card info. They’re all different and different levels of security are required. If the credit card processors had to jump through the same hoops and oversight as banks, this would be a lot less likely.
Quick transactions and even quicker profits are all that count.
I’m a consultant, and here’s what I have to say:
We should assume that no data can be held securely. Ever.
The next time a bank or other organization asks me for private data, I will discuss with them in advance how they will compensate me when (not if) this information is compromised. It ought to be fun…
– Precision Blogger
http://precision-blogging.blogspot.com
My view on this is very simple.
Who cares? Sure it’s a hassle, but none of the major credit card companies will hold you liable made with a stolen credit card.
So who’s responsible for any fraudlulent charges? The credit card company or the merchant who accepted the card? Justice would dictate that the credit card company eats the charges, but I suspect it’s the merchant, right?
There is only one sure fire way to protect yourself- call the credit card issuer and ask for a replacement card with a new credit card number.
This also has the effect of punishing the credit card issuer, as it costs them money to create new cards and mail them to you.
Coincidentally, I happen to be in Seattle when this broke. The next day there was an article in the Times where the Credit Card companies told everyone that “only a few would be affected.” Riiiight. 40 million names and numbers lost and only a “few” would be affected.
There are a couple of reasons that people should care. First, in case you haven’t read the news lately there is a huge illegal identity market out there. This breech basically provided fodder to these criminals for the next five years or more. Second, much of the costs are going to be absorbed by merchants. That means higher costs to the consumer to absorb higher fraud incidents and costs. Thus, it costs everyone when this sort of thing happens.
merci a vous
According to Banking Regulation E, The consumer is not liable for unauthorized card transactions if reported within designated timeframes (normally within 2 statement cycles). The merchants are NOT responsible as long as they have a signature on file (doesn’t even have to match). The main issue merchants have to worry about is that internet transactions have no signature to back up the transaction. Mastercard or Visa are definitely not going to take any losses even though it is their guarantee, so any other losses where the merchant has a signature is taken by the issuing bank.