Credit Card Companies Win Battle Over Security Breach

Posted On: September 30, 2005

By Rebecca Lindsey, CardRatings.com Senior Staff Writer

With identity theft a very real threat these days, concern lingers over the security of consumer information held by credit card companies.    Chiefly, who is responsible for informing credit card holders when their personal information has been illegally accessed?

This question lies at the bottom of a legal entanglement concerning Visa USA, Inc. and MasterCard International Inc.    A pending consumer lawsuit targets both companies for a computer security breakdown that occurred between August 2004 and May 2005 at CardSystems Solutions Inc., a payment processor for merchants.

Ira Rothken, the attorney who filed the lawsuit, argues that Visa and MasterCard are obligated to notify the Californians whose account information was stolen and sought an injunction that would have required the warnings to be sent ahead of the actual trial, which does not yet have a set date.  &nbspRothken; cites a two-year old California law that requires credit card companies to inform customers in that state when their personal information stored on a computer is lost, stolen or otherwise breached.

Visa and MasterCard argued that they should not be obligated to send the notices because they don’t have direct relationships with the account holders, whose cards were issued by thousands of banks that belong to the associations.

A California judge ruled in favor of the credit card companies in mid-September, declaring that they did not have to send individual warnings to the thousands of consumers whose personal account information was stolen.

Linda Sherry of Consumer Action, a national watchdog organization, responded to the September ruling:

“This ruling is a travesty!    Consumers have to know as soon as there is a breach.   If the decision extends to debit cards, crooks would have the ability to get into their (consumers) bank accounts using stolen debit card information.    As experienced in California, where the breach notice law has been in effect, notification is a vital link in stopping misuse of consumer credit and banking information.”

The security breach was initially disclosed by MasterCard three months ago.    Personal information including customer names, account numbers and security codes were among the information stolen, exposing 264,000 nationwide credit card holders to possible fraud.    Up to 40 million additional credit and debit accounts were exposed to potential abuse.

Sherry adds:

“Credit card companies must implement systems to ensure that breaches don’t happen.   But if they do, they should certainly not be swept under the rug. Consumers have a right to know.”

The lawsuit is one to watch and this situation reaffirms the need for cardholders to perform self checks of their credit history to ensure fraudulent activity has not taken place on their accounts.

We welcome your comments about credit card issues in our popular credit forum!

CardRatings.com is the most comprehensive source for comparing credit card offers.   CardRatings.com is pleased to offer consumers free credit card ratings.

Posted in credit card |

Share this article with:

No comments yet.

Leave a Reply