[ news_security_news ]
Visa Faces Merchant Hacks
John Stith
Staff Writer
2005-12-27
 Insider Reports RSS Feed
The massive credit card empire known as Visa may be facing a serious problem after the company admitted a merchant experienced a security breach. This breach compromised credit card numbers and all the accompanying information on the account.
CNet reported on Christmas Eve that Visa, in a statement, said when the learned "of the compromise, Visa quickly alerted the affected financial institutions to protect consumers through independent fraud independent fraud monitoring and, if needed reissuing cards."
This issue doesn't look good for Visa, as they and other companies have struggled, perhaps in vain, to stop identity theft. The problem is larger companies like Visa don't have real financial incentive to stop the identity theft and therefore no reason to crack down hard on the problem.
Let's really consider the issue. While Visa may get a small amount of bad publicity, there name is still in the news. The issuing institution, Wells Fargo (who owns American Express), pawned the problem off on Visa and they should've. While the merchant involved hasn't been mentioned directly, the merchant will pay all the penalties here. What happens is Visa charges the acquiring institution penalties which generally get passed on to the offending merchant.
If the compromised numbers are used in purchases, Visa will happily refund the money back to the customer and then the retailer who was defrauded will cough up the money to the aforementioned acquiring institution who then must deal with Visa. Then, while the various customers try and straighten out their credit and debit card issues, it may cost that consumer time and money. This may or may not be completely rewarded back to the customers, as they may have to deal with returned check fees or even worse, hiked up interest rates. They may have had a 0.0% interest rate, which is quite good. Now they've got a 29.9% rate and a whole host of other things thrown into to boot.
Is Visa really liable for any of this? Not really. All the loss goes to either the consumer or the merchant involved. Until the credit card companies take some major financial hits they won't fix this. Visa isn't the only one either. Until they get hit with billion dollar losses over identity fraud, they will not take this problem seriously. And why should they?
CNet mentioned the CardSystems fiasco in their story in which 40 million identities were compromised. Not that many were stolen but the potential was there. The reason is CardSystems was holding on to information they were supposed too. The company did take a PR beating but, based on their site, appear to be doing reasonably well. All the big card companies talked loudly and said they pulled their business from the company. Not too much happened to them. And… if Visa, MasterCard and other companies had been properly auditing the company, none of this would have happened.
At this point, monitoring does go on by third party processors. While sources say compliance with rules of the Payment Card Industry (PCI) security standards are audited regularly by these third party companies, one must questions the credibility because these hacks and other losses seem to happen with such frequency and it's only going to get worse. What's bad about this hack is that most merchants use more than one credit card. It's probably fair to say the merchant uses Visa, MasterCard, maybe American Express and/or Discover. How many people is that? What else is compromised? Who takes responsibility?
Until the financial incentive exists for credit companies and other monolithic financial institutions to clean up security and put forth a concerted effort to stop it, then these crimes against retailers and consumers will continue unabated.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
