Monday, June 20, 2005

CardSystems Security Breach

By now it is old news that there has been yet another massive security breach reported, this time of the personal information of a record 40 million people. Worse, the information was not simply lost, misplaced, or breached, but known to have been taken by thieves.

Although MasterCard has been mentioned in news reports, the company involved in an information processor called CardSystems Solutions.

In the New York Times the Chief Executive is quoted as saying the data was only being held for research purposes, should probably not have been held at all, and was not properly secured.

MasterCard requires processors not to retain such personal information, and is "investigating" to find out what happened.

Apparently information from consumers' Visa and other accounts were also compromised.

Observers point out that information processors that fail to secure information can represent a great risk.

In fact, they may be the greatest risk when it comes to personal privacy, whether we are talking about account, financial, medical or other forms of personal information. What standards do they have? What rules must they follow? Who verfies what they do?

This is a peculiar line in the New York Times:

"Jessica Antle, a MasterCard spokeswoman, said that CardSystems had never demonstrated compliance with MasterCard's standards. "They were in violation of our rules," she said."

What does that mean? "Never"? Then why was MasterCard doing business with them?

Interestingly, MasterCard discovered the problem by noticing unsually high fraudulent charges on accounts.

This oviously indicates that the thieves have already used the breach of security to commit identity theft.

In this situation businesses sometimes offer free credit monitoring services, but with 40 million people, that might be asking a lot of CardSystems.

Maybe if anyone needs the much touted "Identity Theft Insurance," it's the processing and card issuing companies, not the people.


Post a Comment

<< Home