Saturday, June 18, 2005

It’s 1am, Do You Know Where Your Credit Card Is?







Forty million more credit cards at risk out there, who-knows-where.  That, according to this morning’s revelation and this it's time an Arizona credit-card processor, Credit Card Solutions, who dropped the ball. This latest security failure is just another of the embarrassments of recent months that have now put nearly everyone with a card at jeopardy.


A visit to Credit Card Solutions web site makes no excuses and takes a very straightforward approach to explaining what happened. Unlike government, credit card processors depend upon consumer faith in their integrity and so they get out in front with the truth instead of making knee-jerk denials.


But it’s happened again and as I suggested in an earlier commentary, no one knows where the incursions end, if anywhere. Congress is in a turmoil of what-to-dos with each elected official salivating to get his name attached to a piece of legislation. The problem is that no one really knows any more about how to handle this then they do the more pervasive but less threatening issue of spam. Charles Shumer, Senator from New York didn’t waste any time getting a news release out that said "Hardly a week goes by without startling new examples of breaches of sensitive personal data reminding us how important it is to pass a comprehensive identity theft prevention bill in Congress quickly."


Quickly isn’t likely to fix it, Chuck.


MasterCard says it supports the extension of data security laws. MC would have transaction processors (like Credit Card Solutions) and data brokers (Trans Union and others) meet the same standards as banks. If they were required to meet the same standards as banks, they would no doubt absolve themselves from any losses due to fraud, but collect a fee someplace along the line for the cost of the fraudulent transaction. Shockingly, that’s what card-issuing banks do. They not only take themselves conveniently off the hook, but charge fees to merchants for reversing unauthorized charges. It’s just another income stream for the banks.


The banks are sitting pretty. Banks always sit pretty.


It's retailers who are left holding the bag financially and with all the hand-wringing in Congress about consumers at risk, it’s really the world-wide merchants, particularly those who do business on the Internet who are taking a bath. For all those dancing on one foot and the other, eager to throw this or that law out there with their name on it, no one knows how to do it. At least not without the banks leading the charge and that just isn't going to happen.


If the banking industry were part of the liability stream, there’d damned sure be a quick fix along the lines of additional encryption or a layering of access codes. But banking interests are best served by easy access to cards and they have thus far insulated themselves from taking any kind of hit when things go wrong.


Wouldn’t it be a miracle to see Congress go after the banks?


For more comments on Washington at work, see my personal web site.