Another week, another embarrassing IT security breach. Now a congressman wants to shine a spotlight on the companies responsible when customer data is lost.
Visa confirmed last week that an unidentified merchant reported a possible data-security beach, and major banks are sending letters to customers and issuing new credit and debit cards. The FBI and state officials are investigating the incident, which the San Francisco Chronicle said involves the theft of 200,000 card numbers that were used to create counterfeit cards. Visa, the nation's largest credit card company, said in a statement that cardholders are covered "by Visa's zero-liability fraud-protection policy."
What was stolen, how, and from which merchant wasn't disclosed. But the never-ending string of data losses has prompted Rep. Barney Frank, D-Mass., to suggest ways to embarrass companies in charge of security systems that get hacked. Those companies should be required to notify customers or be named as the party responsible for the breach, he says.
"If this cannot be done legally at present, I feel strongly enough on this point to make legislative changes to make this a requirement," Frank, the senior Democrat on the house financial services committee, wrote to Visa and MasterCard.
Visa responded that naming names before an investigation is complete "could be inaccurate and unfair" and would make companies reluctant to share information. But if these fiascos keep happening, customers may become reluctant to trust credit cards and merchants altogether.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.