Apr 3 2009   7:30PM GMT

When News Isn’t News

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

A client of ours was notified recently by their financial institution that some of their credit cards had been compromised by a vendor.

The rational question followed: “Which vendor?” To which the bank replied, we aren’t going to tell you in order to protect the reputation of the vendor. Given that a high percentage of vendors have had more than one security breach, why are banks protecting them? Wouldn’t you want to know which company had been broken into so that you could pay extra attention to transactions from that company?

This kind of financial behavior is what drives people to enacting regulatory requirements for notification.

“Citibank contacted my husband and told him that they would be re-issuing him a new account number because a “major merchant” had notified authorities that its secure data had been compromised. They would not release the name of the merchant, instead saying that it was “the kind of thing we would probably hear about in the news,” she writes.

Why do we have to hear about it from the news? Why are we protecting organizations that are not protecting their data? Because it would cost the vendor money, and that would impact the profits at the bank. It’s the same reason VISA doesn’t shut down big PCI violators – and it’s why we really need independent oversight.

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • SAPjava74
    Kinda makes you think about the [A href=""]5 Things we learned from the Conficker non-event [/A] .....[I]the sky isn’t falling - but it does show some cracks at times.[/I]
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: