Credit Card Security Found Lacking

By Sherry Harowitz

An Associated Press investigation has found security practices weak with regard to how banks and other companies handle consumer credit card data, according to an AP story in the Washington Post.

The story notes that it's no surprise that more than 70 retailers and payment processors have disclosed breaches since 2006, given that "government leaves it to card companies to design security rules that protect the nation's 50 billion annual transactions...[and those] rules are cursory at best and all but meaningless at worst, according to the AP's analysis of data breaches dating to 2005."

The piece goes on to note that companies that fail to meet the voluntary standards, known as PCI, incur fines but can continue to process cards. "Credit card providers don't appear to be in a rush to tighten the rules. They see fraud as a cost of doing business," notes the article. But the real cost--identity theft and its ramifications--is borne by the consumers who suffer the consequences, as illustrated in a case provided in the piece.

Security Management's John Wagley reported on related PCI and data breach problems in the April "Technofile."

Wagley also has a related piece in this month's "Technofile" about how credit card processors have formed a group to share information in an effort to improve their ability to get better at detering and catching hackers.


A year’s worth of credit

A year’s worth of credit card reform concluded Sunday as the last set of new credit card rules was enacted. Limits on late payment fees and also other penalties are enforced with the last collection for rule changes. The Credit Card Accountability, Responsibility and Disclosure (CARD) Act of 2009 began the reform project, which is now complete. One of the newest federal laws cuts late payment fees to an average of $25.Over the past year as new credit card rules have been rolled out, credit card corporations have been dramatically increasing rates of interest. One for the new rules calls out the card-issuers to either support those increases with legitimate reasons or roll them back.

View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.