June 22, 2005 4:00 AM PDT

Consumers, retailers grapple with data theft

(continued from previous page)

the cardholder has to pay for the first $50 of unauthorized transactions, or nothing at all. Businesses, however, in many cases have to cover the loss--a potentially heavy burden in the CardSystems case, given the large number of accounts exposed. If consumers aren't alerted, that means the compromised cards could still be active and may be used by criminals in a transaction.

"We'd really like credit card companies to take responsibility for their mistakes," said Tom Mahoney, director of Merchant911.org, a group of online sellers focused on preventing fraud. "They are not canceling the cards and re-issuing them because it costs them too much, and the merchants bear the cost of fraudulent charges as a result."

"We'd really like credit card companies to take responsibility for their mistakes."
-- Tom Mahoney, director, Merchant911.org

Re-issuing a credit card costs around $30, according to Visa. If the credit card companies were to replace all 40 million cards that may have been stolen, it might cost more than $1.2 billion.

Web retailers in particular are considered high risk by credit card issuers because they don't see the customer's credit card and can't ask for a signature or an ID. As a result, Web retailers end up bearing the burden on more fraudulent transactions than brick-and-mortar stores.

However, there is little need to worry, according to Visa. "Fraud really is at an all-time low--in the Visa systems, only 5 cents for every $100 transacted," said Rosetta Jones, a Visa spokeswoman.

Also, according to Visa, only about 2 percent of credit cards that are exposed after a data security breach are ever used improperly. "Very few consumers will be impacted by this," Jones said.

But for business owners like Gary Howell, who runs Howell Automotive in Keyser, W.Va., any case of fraud is one too many. He wants the affected credit card accounts deactivated. About one in every 50 transactions handled by his online auto parts business is already suspect, and Howell is afraid more fraud is on its way and that he will have to pay.

"The credit card companies know that the criminals have enough information to get by the security checks that an online merchant does," he said. "I'll be out the merchandise, I will be out all of the money, and I will get charged fees for being the victim of a crime--even though I did all of the security checks and did them right."

Previous page
Page 1 | 2

11 comments

Join the conversation!
Add your comment
Card companies should be forced to notify merchants, too!
Card companies are notorious for forcing requirements and responsibilities on others. They want to pawn off all responsibility for fraud on merchants and consumers, never acknowledging that their practices are major contributors to fraud: granting credit accounts without proper screening, failure to safeguard accounts, and failure to properly inform merchants about compromised cards and other information in their posession which indicate that fraud is taking place.

One of the industry's latest irresponsible initiatives is the pushing of "cash back" cards, and an attempt to charge merchants an extra fee when these cards are used...while hiding the nature of the card from the merchant and prohibiting him from passing the fee on to the consumer. This is a recipe for enlisting the least responsible card holders: those who would use these cards to pay expenses of others in order to collect the "cash back" for themselves. This encourages buisiness fraud and tax fraud, too.

While I generally oppose government stepping in where private enterprise can fix the problem, the card processing industry currently operates like a cartel. Therefore, if it does not take immediate steps to reform itself, government must step in and force it to do so.
Posted by landlines (54 comments )
Reply Link Flag
PRivate Enterprise will not fix the problem
> While I generally oppose government stepping in where
> private enterprise can fix the problem

It is way past time that the government step in. The financial industry is one that SHOULD be regulated.

Does it please you to know that your financial (and medical) records are moved to various entities around the world on a daily basis without your consent or knowledge? Does it please you to know that a clerk in India or China has access to all your records, and that the government is doing nothing to stop it? Will it please you when your information is given to criminals in India or China or Russia or some other far off land where you will have NO recourse to get your affairs back in order once your identity is stolen, your bank accounts drained, and charges racked up that you never made?

It's time for people to wake up. This laisez-faire attitude towards business has gone too far.
Posted by (274 comments )
Link Flag
EDI Secure LLLP sold out to IDPixie LLC
EDI Secure LLLP sold out to IDPixie LLC


A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
Card Makers Need To Rethink Candor...
Mr. AT Alishtari remembers an old joke where a doctor says I got bad news and worse news. The bad news is you got 24 hours to live and the worse news is I have been looking for you for 23 hours. When it comes to scams, scamming, fraud, phishing, pharming, robot attacks, zombies, trojans, online offshore investment attacks and full fledged cyber war by geekfathers and cyber crews the news is dire.

The problem is the consumer needs to know the worse of it so that immediate measures can be taken to ameliorate the problem. Yes two factor authentification with an offline device holds the best possibility of a solution but nowhere is a platform built using EDI Secure LLLP's US patent so card companies will have to license it and use stop-gap measures until the market can be secured.

That is better news than lets just let Western cash be devaluated by cyber crews from theft paid by insurance however the market must grow up. The secrecy and confidentiality of the past is past. What is left is candor that will establish who will grow from those who must shrink.
Posted by (66 comments )
Reply Link Flag
Due to market consolidation, I agree to above and add the below for notice.
A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Mr. Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
Government Will !!!
Asking the Credit Card Companies to regulate themselves is like asking a politician to stop "lying",it can't be done. But then the regulators are politicians.
Posted by (32 comments )
Reply Link Flag
Why Should Cardholder Pay ANYTHING!
So the card companies won't notify those who are affected, but if you are affected and you catch the fraud, it is going to cost you $50? What kind of extortion is this? It is MasterCards fault that THESE numbers got stolen, so the consumers affected should not have to pay one SINGLE penny in the event of fraud.

We need to contact our lawmakers and tell them enough. I want control of my information and I want those who violate that trust to pay.
Posted by (274 comments )
Reply Link Flag
One solution.
I figure that even if law makers create some kind of law for full disclosure the credit card companies will fight it in court. To help speed up the process I say everybody who has a card with Mastercard sues them in a class action lawsuit. I would also go as far as to make it manditory for any company that allows the theft of personal data to be held responsible and required to pay any damages that occur because of the theft, like identity theft or credit history being ruined because of fraud.

I would think that if you won it would put a lot of pressure on these companies to make sure your data is safe. I figure they will up fees, but given the amount of competition they may not.
Posted by System Tyrant (1453 comments )
Reply Link Flag
Automatic Cancellation Will Wreak Havoc
Imagine what kind of havoc will be done to folks who have their credit card accounts cancelled without notice. You're travelling on business or vacation and suddenly your transactions are declined. You can't pay for dinner, can't rent a hotel room, can't change your airline reservation, can't pay for a prescription at the pharmacy. As Karl Malden, the venerable Amex spokeman would say, "What will you do? What WILL you do?"

I'll tell you what you will do. You will cancel your cards BEFORE they are cancelled out from under you. You should control the timing, not the card companies.

Lastly, I foresee a lot of lawsuits down the road when people's cards are forcibly cancelled with no advanced warning and their lives are turned upside down. Actual and punative damages await the credit card cabal for shirking responsibility.
Posted by Stating (869 comments )
Reply Link Flag
Credit Data Security
If companies were fined $1000 for each account and each instance the account's data were compromised they'd find a sensible solution. And, YES, tell me, you'd better tell me, if you've allowed some one to commit fraud, up my average daily balance, increase my finance charge, possibly lower my credit rating, and STEAL MY IDENTITY!
Posted by (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.