An Associated Press investigation has found weak security practices in how banks and other companies handle consumer credit card data, according to an AP story in the Washington Post.
The story notes that it's no surprise that more than 70 retailers and payment processors have disclosed breaches since 2006, given that "government leaves it to card companies to design security rules that protect the nation's 50 billion annual transactions...[and those] rules are cursory at best and all but meaningless at worst, according to the AP's analysis of data breaches dating to 2005."
The piece goes on to note that companies that fail to meet the voluntary standards, known as PCI, incur fines but can continue to process cards. "Credit card providers don't appear to be in a rush to tighten the rules. They see fraud as a cost of doing business," notes the article. But the real cost--identity theft and its ramifications--is borne by the consumers who suffer the consequences, as illustrated in a case provided in the piece.
Security Management's John Wagley reported on related PCI and data breach problems in the April "Technofile."
Wagley also has a related piece in this month's "Technofile" about how credit card processors have formed a group to share information in an effort to get better at deterring and catching hackers.