I just came up from the newsstand, where I spent $2.65 on a bottle of Diet Coke and a package of peanuts. Turns out I could have bought five debit card numbers on the black market and had $0.15 left over.
Stolen debit cards are worth $0.50, probably because the market has become flooded with excess supply. The number of accounts that were compromised in 2008 exceeded the amount from the previous four years combined, according to data collected on behalf of Verizon Communications Inc.
Banks have increasingly been targeted by criminals looking to steal debit and credit card information, according to the report. Banks accounted for 30% of all breaches, more than double the amount in 2007. The primary means of stealing account information is during transmission between a point-of-sale terminal and the financial institutions, according to a Verizon executive.
What is the appropriate reaction? More righteous indignation? Mock surprise? Seething anger? I’m at apathetic indifference, because this has been a known problem for years and the banking industry has resisted upgrading its security to the point where nobody bats an eye when they get letters from institutions about data breaches followed by envelopes with new debit cards. Maybe that’s what the industry was shooting for all along — it’s kind of like when the check engine light comes on in your car and nobody rushes to the mechanic to fix it. Only when the car breaks down at 2 a.m. on an unlit road adjacent to a cemetery and across the street from an abandoned mansion that the problem is deemed to be worthy of attention.
Am I making too much of this? Or should this problem be addressed in a more expedient fashion?
“…this has been a known problem for years and the banking industry has resisted upgrading its security to the point where nobody bats an eye when they get letters from institutions about data breaches followed by envelopes with new debit cards.”
I disagree with this excerpt from your post. The banking industry and it’s security is not at fault in a great majority of the reported breaches. The primary fault and source of the breaches lies with either a retailer (i.e. BJ’s Wholesale Warehouse, TJX/TJMaxx, etc.) or with a merchant processor (i.e. Heartland Financial). I guess if you consider those part of the banking industry, then the statement is correct. Banks provide authorizations through various electronic transaction switches to these processors and retailers/merchants, but they are not the source of the breach. Until the source of the breach, which is often times not released by MasterCard or VISA, is penalized for their lack of security, the breaches will continue.