Information Insecurity
Last week, I got a letter from DSW indicating that my credit card information (including the security code) and address has been "stolen" from them. Apparently, this breach came to light in March and DSW contacted the credit card companies soon afterwards.
Recently, there have been several prominent leaks where credit card and personal info (social security numbers, birthdates) of customers have been unintentionally released (citigroup, PetCo). One of the largest release of information was the security breach involving 40M credit cards. During the uncovering of this leak, it was also discovered that CardSystems was improperly holding consumer credit card data by keeping a file on credit card transactions that failed to receive authorization. In response, they released this statement:
So, what exactly is going on? Why is it that the companies we are entrusting with our personal financial information are not zeaously gaurding this information (as they should)? One of the main problems, as this Economist indicates, is that the companies are not legally liable. Only a couple states like California and Illinois have laws that require companies to notify the customers when their information has been compromised.
Anyways, back to DSW . . . The state of Ohio is suing DSW in order to release information about this to the customers. But, is this enough? Companies are not doing enough to keep customer information secure. In this day and age, where information is invaluable, this insecurity is costing customers and credit card companies (as they have to pay $35 for new cards and also reimburse people in cases of fraud). I can only hope that someone is looking out for me. . .
Recently, there have been several prominent leaks where credit card and personal info (social security numbers, birthdates) of customers have been unintentionally released (citigroup, PetCo). One of the largest release of information was the security breach involving 40M credit cards. During the uncovering of this leak, it was also discovered that CardSystems was improperly holding consumer credit card data by keeping a file on credit card transactions that failed to receive authorization. In response, they released this statement:
"We were out of compliance and we recognize that file was out of compliance with the association rules," Bill Reeves, CardSystems' Senior Vice President, told CNN.
So, what exactly is going on? Why is it that the companies we are entrusting with our personal financial information are not zeaously gaurding this information (as they should)? One of the main problems, as this Economist indicates, is that the companies are not legally liable. Only a couple states like California and Illinois have laws that require companies to notify the customers when their information has been compromised.
Anyways, back to DSW . . . The state of Ohio is suing DSW in order to release information about this to the customers. But, is this enough? Companies are not doing enough to keep customer information secure. In this day and age, where information is invaluable, this insecurity is costing customers and credit card companies (as they have to pay $35 for new cards and also reimburse people in cases of fraud). I can only hope that someone is looking out for me. . .
0 Comments:
Post a Comment
<< Home