Data Security Movement Back-Burnered By Lawmakers

Despite a year's worth of highly publicized security breaches and a lot of talk in Congress this summer on ways to protect consumers, there's been too little done to protect U.S. consumers' data, Gartner research director Avivah Litan says.

Sam's Club, as well as card companies MasterCard and Visa, have been tight-lipped about the fraud, which worries Litan. "Visa and MasterCard have not made public statements on the Sam's Club incident, even though this theft of the most sensitive card data, magnetic stripe data, appears to violate their Payment Card Industry (PCI) standard," she said. "Neither the card companies nor Sam's Club has been forthcoming about how many cardholders are potentially affected."

The fraud likely involved gas pump "skimming," where hackers capture the data from a card's magnetic stripe when it's pulled through a reader, then use that data to produce illegal copies of the card. The practice has long been used to rip off consumers at bank ATMs.

"Some lawyer probably read through the California notification law and/or the PCI standard, and decided that the breach wasn't subject to either," said Litan. "I think Sam's got away with not disclosing details of the fraud."

Nor will next year be a landmark one for data security. "I'm not optimistic," she admitted. "Security spending will continue to increase, but for many companies, the only motivation will be to keep themselves out of the media."