Saturday, MasterCard blamed a vendor of ALL credit card providers called CardSystems Solutions, Inc., a third-party processor of payment card data, as the source of loss of 40 million consumers credit card information.
As is pointed out by several newspaper and web articles over the last few weeks, each recapping long lists of financial information data breaches, something's gotta give before we entirely lose trust in financial institutions, data brokers and credit bureaus. How much privacy loss can we take without acting?
These types of data loss were very likely common and have very probably been going on for a very long time. The difference is that now, THEY ARE REQUIRED BY LAW TO DISCLOSE THOSE LOSSES - not just in California, but in many states. National disclosure laws on data security breaches are being considered in Congress.
I suggest that these breaches of data security all came to light due to the California law requiring disclosure from companies suffering hacking loss or leaks or social engineering or crooked employees or organized crime rings posing as "legitimate" customers. All of the above have been given as reasons for security lapses or poor security policies.
About three years ago, a friend told me his paycheck deposit to Bank of America went missing from account records after he took his check to the bank on Friday. By Monday, Bank of America was in the news claiming a computer glitch had disappeared the entire day's deposits. I mumbled to myself, "I'll bet that was a hack and that hacker just made a huge offshore banking deposit with B of A depositors' money."
But we didn't find out why it happened in that particular case because there was no disclosure law in place at the time. Now we have disclosure laws that mandate notice of security breaches. Now suddenly - huge financial services hacks and devious criminal social engineering outfits posing as legitimate customers and apparently "innocent" losses by transport companies of backup tapes begin to come to light.
This spate of data loss incidents is proof of the need for corporate "sunshine laws" that make public notice mandatory of those data losses that threaten customer information.
Who is going to lose here - the public, the corporations, the criminals, or the government? I'd prefer that the bad guys get the shaft and take down crooked company insiders that either facilitate data loss by underfunding security and encryption or participate in data theft or loss in any form - even if that participation is security negligence.
Financial companies and data brokers have been covering up the losses and keeping quiet about hacks so as not to worry or frighten their customers. But that practice is essentially ended now that they must notify the public and disclose those losses instead of hushing them up.
Keeping the breaches hidden from public view is bad practice as it maintains the status quo. Disclosure will facilitate internal corporate lockdowns on the data and all access to it. Disclosure will educate the public to the lack of security and danger to the sensitive information we all provide rather casually and routinely to businesses.
As the following link to a silicon.com story suggests, we cannot take much more of this lack of regard to privacy and must lock down financially sensitive data securely and must begin to hold data brokers, bureaus and handlers VERY accountable.
Insist to your elected representatives that your financial data be locked down, encrypted and guarded by those entrusted with storing, transporting and using it. Since our financial, medical and legal lives are increasingly being housed in digital form and transmitted between data centers of multiple handlers - we need to know it is secure. We also need to know when that security has been breached and our data compromised or lost.
Thieves are becoming more aware of the ease with which they can find and access financial data. Hacking is not the source of the greatest losses.
Organized crime has easily found their way into our financial records by simply paying for it by posing as "legitimate" business customers of information brokers such as ChoicePoint and Lexis/Nexis. Any business can buy financial and credit information from those information bureaus and credit reporting agencies by meeting rather lax requirements for "need to know" that data.
As long as it is possible to purchase our sensitive data from brokers and bureaus, organized crime will "legitimately" buy it from those sources, then ruin our credit by selling that information at a higher price in identity theft schemes.
Since disclosure laws have come into effect, those breaches have been made public, credit cards cancelled before losses can occur and credit reports monitored to watch for suspicious activity. The bad guys activities are squelched because we are made aware of the possibility our information has been compromised.
Not all blame can go to financial institutions and data brokers. Protect your own private data by protecting your computer records at home, in the office, on your laptop and in your PDA by using basic keyword security and locking down files. Use built in encryption on your operating system and your home network to keep data secure. Then be certain to clear that sensitive data off the computer when you sell it or throw it away.
Data security is something we all need to take seriously and the corporate breaches are dramatic illustrations of how important it has become to build digital fortresses around our critical financial, legal and medical information.
Mike Banks Valentine is a privacy advocate and blogs about privacy issues at PrivacyNotes.com You can read more about identity theft issues at: Publish101
Contact MikeValentine for Search Engine Optimization http://www.seoptimism.com
Credit card fraud is a growing problem for online businesses... Read More
When surfing the Internet you probably take your anonymity for... Read More
Long gone are the days that we could feel secure... Read More
Paypal is a great site and is used by many... Read More
Spyware is software that runs on a personal computer without... Read More
First, let's do a little recap'. As I stated in... Read More
Spyware, viruses and worms... oh my!If you are connected to... Read More
Today,on most internet user's computers, we have the ability to... Read More
The internet is undoubtedly a fantastic resource for families and... Read More
From the "Ask Booster" column in the June 17, 2005... Read More
You can detect spyware online using free spyware cleaners and... Read More
Pharming is one of the latest online scams and rapidly... Read More
Having a good Spyware eliminator on your computer is vital... Read More
Over £5 billion pounds was spent on online shopping in... Read More
Millions of people make purchases online, but many people are... Read More
P C. owners are constantly at risk from attacks by... Read More
Let us take the example of scrambling an egg. First,... Read More
Spyware and adware are becoming major problems for online surfers... Read More
The Internet is a vast International Network of people and... Read More
A little bit of time invested into learning about internet... Read More
Identity theft is one of the most common criminal acts... Read More
According to the Anti-Phishing Working Group (APWG) email scams also... Read More
There you are busily typing away on your PC or... Read More
If you use emails actively in your communication, you must... Read More
IPv6, IntroductionThe high rate at wich the internet continualy evolves... Read More
You are at your computer, checking out software on EBay.... Read More
Have been an Internet user for more than 9 years,... Read More
Internet scams and frauds are on the rise! The quantity... Read More
Today's Internet or World Wide Web is being over regulated.But,... Read More
"Phishing," the latest craze among online evil-doers, has nothing to... Read More
The Message Must Get Through The year is 300A.D.,... Read More
As more people are logging onto the Internet everyday, Network... Read More
On December 8, 2004 Webroot, an award winning anti-spyware solution... Read More
The trash folder in my main inbox hit 4000 today.... Read More
If you constantly deal with bank or electronic accounts, it... Read More
When we think of adware, what comes to mind are... Read More
There are several basic concepts to keep in mind when... Read More
The internet is undoubtedly a fantastic resource for families and... Read More
Despite the current wave of identity theft and corporate security... Read More
First off I should explain what phishing is. Phishing is... Read More
The average computer is packed with hidden software that can... Read More
Let us take the example of scrambling an egg. First,... Read More
There has not been a time in the history of... Read More
Today's Internet or World Wide Web is being over regulated.But,... Read More
The Loss Prevention Manager should be receptive to the needs... Read More
1. Importance of a Virus Scanner: A Antivirus program can... Read More
At this point, if you've got the whole "turning the... Read More
Shopping for horse gifts or other gift items on the... Read More
Scams involving email continue to plague consumers across America, indeed... Read More
Have you ever had to call Symantec or McAfee to... Read More
During the release of a new software product specialized to... Read More
Sooner or later everyone with an email account will receive... Read More
Security leaks can be a big problem for any site... Read More
I Challenge You To Crack The Code ------------------------------------- I had... Read More
The 1998 Data Protection Act was not an extension to,... Read More
"You've just won a fabulous vacation or prize package! Now,... Read More
Working from home has its advantages, including no commute, a... Read More
Spelt phishing, but pronounced as above, this despicable act is... Read More
Afraid that someone is monitoring your PC or installed a... Read More
Virus damage estimated at $55 billion in 2003. "SINGAPORE -... Read More
So called phishers try to catch the information about the... Read More
If you are a parent, you have probably wondered at... Read More
If you know what is the 'Fishing' then it's very... Read More
No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet.... Read More
Have you ever bought a product or service from the... Read More
A new variation of the Nigerian Scam theme ... Read More
Internet Security |