Wednesday, March 15, 2006
It isn't over until the losses have been totaled, but at least it is coming to an end.
14 people were recently arrested by New Jersey authorities in connection with one of the costliest debit card thefts we have seen. Ties led to international gangs but search and arrests warrants were made in Florida, Georgia, Massachusetts, and South Carolina. This was costly in more ways than one. It appears that a weakness in the payment system allowed PIN numbers to be retained when a debit card was used. These numbers were accessed and the criminal had the card number, and the PIN upon which we rely for security. This is akin to keeping the key to your front door on a hook next to the door knob.
While it hasn't been announced, many trace the fault back to OfficeMax and other merchants. OfficeMax has denied such breach was made to their systems. Regardless, the data was obtained and used from some source. It was an informant that lead police to the alleged perpetrators and the arrests began two weeks ago.
In addition to the charges bank customers saw on their accounts from places including Great Britain, Pakistan, Romania and Spain, banks had to reissue hundreds of thousands of debit cards as a preemptive measure to prevent direct monetary losses. Those banks should be applauded for their proactive measures and for having a plan and the facilities in place to handle the identification and reissuance. Financial institutions have paid a huge price in more ways than one. But the integrity of this payment system is in tact, though in need of refinement. What data is obtained, and retained must be questioned, as well as the security of that data.
This event will also remind financial institutions that customers can take security precautions with their debit cards, but still suffer losses. It is the institution that suffers the greatest loss. The card used wasn't an "authorized access device" and the consumer would have no liability. It is also a reminder that customers using internet banking will suffer from fewer unauthorized transactions. Using a home banking product, your customer will more quickly detect these transactions and alert you. So all institutions can learn from this, preparedness, infrastructure, data security, and marketing all go hand in hand.
14 people were recently arrested by New Jersey authorities in connection with one of the costliest debit card thefts we have seen. Ties led to international gangs but search and arrests warrants were made in Florida, Georgia, Massachusetts, and South Carolina. This was costly in more ways than one. It appears that a weakness in the payment system allowed PIN numbers to be retained when a debit card was used. These numbers were accessed and the criminal had the card number, and the PIN upon which we rely for security. This is akin to keeping the key to your front door on a hook next to the door knob.
While it hasn't been announced, many trace the fault back to OfficeMax and other merchants. OfficeMax has denied such breach was made to their systems. Regardless, the data was obtained and used from some source. It was an informant that lead police to the alleged perpetrators and the arrests began two weeks ago.
In addition to the charges bank customers saw on their accounts from places including Great Britain, Pakistan, Romania and Spain, banks had to reissue hundreds of thousands of debit cards as a preemptive measure to prevent direct monetary losses. Those banks should be applauded for their proactive measures and for having a plan and the facilities in place to handle the identification and reissuance. Financial institutions have paid a huge price in more ways than one. But the integrity of this payment system is in tact, though in need of refinement. What data is obtained, and retained must be questioned, as well as the security of that data.
This event will also remind financial institutions that customers can take security precautions with their debit cards, but still suffer losses. It is the institution that suffers the greatest loss. The card used wasn't an "authorized access device" and the consumer would have no liability. It is also a reminder that customers using internet banking will suffer from fewer unauthorized transactions. Using a home banking product, your customer will more quickly detect these transactions and alert you. So all institutions can learn from this, preparedness, infrastructure, data security, and marketing all go hand in hand.
Comments:
Post a Comment
Links to this post:
