Newspaper article Roll Call

Now You See Them, Now You Don't: Banks' Misdirection on Data Breaches

Newspaper article Roll Call

Now You See Them, Now You Don't: Banks' Misdirection on Data Breaches

Article excerpt

A staple of the illusionist's trade is "misdirection" - distracting the audience with the movements of one hand while using the other hand to make an object "magically" disappear.

Apparently, big banks have been studying prestidigitation when it comes to credit card data breaches.

The banks' strategy has been to call for data breach regulations on merchants, while making their own responsibility for card data disappear. Although there are approximately 1,000 times as many retailers as banks in the U.S., banks experienced nearly three times as many breaches involving data losses last year.

When merchants are breached, the criminals want payment card information, but it is the banks and credit card companies that not only create this data but also dictate how it is to be protected by everyone involved, including merchants. And they have never prioritized security.

Numbers are still embossed in huge characters on the front of cards, even though knuckle-buster machines and carbon copies are obsolete. Actual account numbers are still used, even though technology to encrypt them or substitute other data has existed for some time. Even though encryption requirements are imposed on merchants, banks are still not required to accept encrypted data. And while Europe has combined the use of computer chips and personal identification numbers for 20 years, the banks' and card companies' much ballyhooed plans to put chips in place here doesn't involve PINs - which doesn't have the same benefits.

In short, the banks and card companies have made merchants the target of data thieves by imposing a fraud-prone card system, then worked to convince everyone that breaches result from merchants' failure to protect data, hoping no one will notice the real source of the problem.

But the banks' misdirection doesn't end there. Pointing to the Gramm Leach Bliley Act (GBLA), they sing the praises of their own data standards while neglecting to mention they suffer more breaches than merchants - and that GLBA regulations do not require them to notify consumers when the banks have a breach. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.