MasterCard Taking Breach Too Lightly?

I would just like to comment on the article written by David Morrison in the June 29th issue regarding the major credit card security breach. The security breach was caused by CardSystems Solutions keeping data “for research” – even though it was in violation of card regulations. CardSystems Solutions acknowledged that they should not have been keeping the credit card data. Yet, MasterCard’s spokesperson stated that they were not prepared to discuss penalties, fines or sanctions and even hinted that no penalties would be forthcoming. MasterCard stated that CardSystems Solutions was cooperative and proactive about informing them about what had happened and have changed procedures. It seems that the losses they have caused are being minimized and taken lightly. The article has several phrases that really bother me as I read them: * “a relatively low number” 200,000 – were actually stolen * “only 68,000 accounts” are at the highest risk for fraud * data lost was “merely” the card numbers, expiration dates and security codes * “financial losses are at risk” and not identity theft One executive stated that everyone in the payments industry has the responsibility to address fraud and card safety and put protective procedures into place. And so it would seem that when a company deliberately violates regulations for data security and puts cards at risk for fraud, very strong sanctions along with fines and restitution should be required. Card issuers have (and will continue to have) tremendous costs and time involved in closing out compromised cards and issuing new cards. We should be reimbursed for the costs we are incurring due to the improper actions of CardSystems Solutions. Card issuers should not have to suffer the consequences for a company that engaged in high risk behavior and put millions of accounts at risk. We are also the ones who are meeting with consumers, to reassure them that their accounts are safe and the card payment system is secure. This task will only be made more difficult if the company that created this problem is not sanctioned and made to pay for their violations. There is enough card fraud due to hackers and criminals – let’s not have the card processing companies help them out!! Missey Kelly President/CEO Saginaw Medical FCU Saginaw, Mich.