Another week, another embarrassing IT security breach. Now a congressman wants to shine a spotlight on the companies responsible when customer data is lost.
Visa confirmed last week that an unidentified merchant reported a possible data-security beach, and major banks are sending letters to customers and issuing new credit and debit cards. The FBI and state officials are investigating the incident, which the San Francisco Chronicle said involves the theft of 200,000 card numbers that were used to create counterfeit cards. Visa, the nation's largest credit card company, said in a statement that cardholders are covered "by Visa's zero-liability fraud-protection policy."
What was stolen, how, and from which merchant wasn't disclosed. But the never-ending string of data losses has prompted Rep. Barney Frank, D-Mass., to suggest ways to embarrass companies in charge of security systems that get hacked. Those companies should be required to notify customers or be named as the party responsible for the breach, he says.
"If this cannot be done legally at present, I feel strongly enough on this point to make legislative changes to make this a requirement," Frank, the senior Democrat on the house financial services committee, wrote to Visa and MasterCard.
Visa responded that naming names before an investigation is complete "could be inaccurate and unfair" and would make companies reluctant to share information. But if these fiascos keep happening, customers may become reluctant to trust credit cards and merchants altogether.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.