Cardsystems sees ‘imminent extinction’ if Visa’s ban holds
The Chairman and CEO of of CardSystems Solutions has his own take on what is happening here:
In testimony before the House Financial Services subcommittee on oversight and investigations, Perry said that “as a result of coming forth with this important information, CardSystems is being driven out of business.“
So.. CardSystems Solutions is simply the knight in shining armor here– yet I thought I remembered something about 40 million credit and debit card accounts at risk? They are not suffering the consequences of their own actions; they are “being driven out of business.” Aha..
Meanwhile, the VISA website. reminds us what this is actually about. It’s not just about a crime having been committed, but about DataSystems failures to follow security rules.
Q: Why did the company have access to cardholder data?
A: Visa, other payments companies, and Visa Member financial institutions may work with third party companies to process card transactions on behalf of merchants. In this case, the processor failed to comply with security rules set forth by Visa. By their own admission, CardSystems Solutions, Inc. violated standards for data storage that have been in effect and mandatory since 2001 for any entity that stores, processes, or transmits Visa cardholder data. Our rules in this area are clearly spelled out….
Not to let the credit card companies off either, their attitude toward their consumers leaves much to be desired as well. For example…
VISA says:
Q: How do I find out if my account was one of the ones compromised?
A: Consumers should regularly monitor their accounts for fraudulent activity and notify their card issuing financial institution of any unusual activity. Visa notified all the potentially affected banks that issued the cards in question and provided them with the necessary information so they could monitor the accounts independently, and if needed, cancel and reissue cards.
Translation: The answer to your question is that you can’t find out.
Then there is a like statement by MBNA:
Customers can help protect their account against fraud by reviewing charging activity on their statement or at MBNA.com by logging into your account.
I think we’re all in favor of reviewing our credit card statements. The question is: Why is there no federal requirement that consumers be notified when their information has been compromised. MBNA adds, “Only credit card information was breached, no personal information was compromised.” Hmm.. since when is my credit card information not personal information? From my standpoint, as a consumer, if some crook has my credit card number, I want to know about it. I deserve to know about it.
I bank with a locally-owned small town bank, here in Santa Fe. They’re progressive and techie enough to have online banking, etc. for years; so, I can easily keep an eye on my account. Over the space of about a week, information dribbled in from CardSystems and VISA — and they learned that over 900 credit/debit cards were compromised.
Most banks have decided to sit back — and wait and watch. If customers get ripped-off and complain, they’ll act. Fortunately, since these folks get to face their customers, every day, on the street — they immediately canceled all those cards. They ordered up new cards with new numbers and began the task of telephoning and mailing notices to folks to explain why their cards suddenly weren’t working.
They had new cards overnighted and set aside the community room of their IT Center [with staff] for folks who wanted to drop by and get their new cards on the spot. Mine didn’t need replacing; but, I know folks who did. We’ll never switch to one of the national chains with “higher standards”.
Despite their statement, I can tell you MBNA shut down accounts without customer review of charges, and in my case there were no unauthorizd transactions.
There is no federal requirement for customer notification because the banking industry (like many other corporations) wields too much lobby power and influence in congress. They will make sure congress will always act in the banks favor. The same holds true for the banks being able to charge such high interest on credit cards, while paying such miserably low interest on savings accounts and cds. Of course, with the security breaches at CardSystems and ChoicePoint, congress may hear enough from their constituents to actually do something to protect the consumer.
The problem with these 3rd party credit card transaction houses (the ones that move the river of debit charges between member banks) is that Visa shops for it’s contracts for PRICE ALONE. Visa, originally BankAmericaCard (when Mastercard was MasterCharge), was agressive in looking for the “BEST” transaction price (as if they weren’t making buttloads of money by charging everyone…merchants, customers, banks). They, evidently, weigh the per-transation fee more heavily than security or other features. Even Mastercard, now second or perhaps third — behind American Express, in the race had much tougher requirements. ( Mastercard was the FIRST company to sign up various “member banks” to offer a cross banking platform credit card. They called the conglomeration “bankcard associations”. Previous to that the only cards that were accepted by various merchants was Diners, Carte Blanche, and American Express..)
The problem is…Visa doesn’t listen very hard to member complaints, and/or suggestions. I’d doubt that a lot of banks were “informed” on a timely basis. And, I’m sure the information provided was sketchy, at best.
I don’t believe the Federal government will offer up any new Bank regulations simply because that would mean imposing into the world of private enterprise. These are the same guys that want LESS regulation by government and more self-regulation by industry. Anything that might reflect on the bottom line is out of the question.
The link has the following quotation.
“The subcommittee discussed whether Congress should mandate companies to notify clients after a security breach and WHETHER THE MARKET, rather than legislation, would force companies to strengthen consumers’ security.”
(My emphasis)
So, if you don’t like the security offered by your Bank Card, then try out the competition. Or, maybe you will need to accept that, if you use a Bank Card, you will need to accept a certain level of risk that your information just might be compromised.
Then again, maybe we should accept that the Government is not there to help Corporations and industries. It is there is there because WE, THE PEOPLE… elected them and they are responsible to us. Maybe we need some more regulation by the Government into industries. The Government should be protecting the small people against the power of large industry groups.