Credit Card Breaches Not Only Old Hat, But Also Declining
from the common-sense dept
In the wake of CardSystems outrageous 40 million customer data exposure and its seemingly quaint predecessors, the Monday morning quarterbacks are weighing to explain what we’ve all known for a while now: security breaches of this kind are nothing new, it’s just that we’re finding out about them more. In fact, the evidence shows that the incidence of credit card fraud is actually declining. Turns out that banks and merchants have been tackling this issue for some time, and actually reduced illegal credit card purchases by $100 million between 2003 and 2004. The industry still has a ways to go (after all, $788 million worth of fraud is still a serious problem), but at least there are signs of improvement. The same can’t be said of identity theft, which the BusinessWeek story says is slightly on the rise and probably fueling the misperception about fraud in general. Of course, identity theft is a much more damaging crime with fewer solutions than a bunch of fake charges on your credit card. And, scammers don’t need to swipe tons of data to cause widespread problems. Just a couple hundred thousand people’s info will do.
Comments on “Credit Card Breaches Not Only Old Hat, But Also Declining”
Breach numbers revised downwards
Your claims of “40 million MasterCard” customers are misleading and out-of-date. First, of the 40 million people *possibly* impacted by the breach last week, only about 14 million were MasterCard. The remainder were customers of Visa or other companies. Second, on Sunday MasterCard updated their estimates to say that of the 14 million customers possibly impacted, only about 70,000 really neeeded to worry. This doesn’t excuse the breach in any way, but it’s bad form for you to keep pounding the pulpit with that 40 million figure when it’s already been revised.
CNN coverage of the updated estimate [CNN.com]
Re: Breach numbers revised downwards
Hmm. I’ll step in to defend Brett here. Did you read what he wrote? He said 40 million exposed — which is true. He never said they were all MasterCard, so it’s no clear why you’re complaining about that aspect. And just because only 70,000 had their data taken, it doesn’t change the fact that 40 million were *exposed* (exactly what Brett said) — which is a problem.
Re: Re: Breach numbers revised downwards
This was not the best article to attach the comment to, although if you click the first link in the posting (the one talking about 40 million customers) it brings you to another posting which only talks about MasterCard. In fact, Techdirt specifically takes MasterCard, and only MasterCard , to task for the breach in the linked posting, even suggesting that MasterCard should be fined by the FTC. No mention is made in the linked posting or in this posting of the revised estimates, which would lead an uninformed reader to conclude that 40 million people are at severe risk for identity theft, which is not true. As I stated previously, there’s no excuse for the breach, but neither is there for the manner in which the story is presented here, which strikes me as unbalanced at best.
Re: Re: Re: Breach numbers revised downwards
At the time of the first story, we wrote what the news at that time was about — which was the 40 million names. The additional data only came out later. In the later stories, we made the situation quite clear. The “revised estimates” still seem like a marketing attempt to cover up how egregious this data leak was. It was clearly stated in this post that 40 million names were exposed — which is exactly the issue. I think you’re reading too much into our coverage.