To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/financialservices/0,3800010322,39158406,00.htm

Leader: Had a security breach? 'Fess up
Your customers will thank you...

By silicon.com

Published: Wednesday 26 April 2006

In all likelihood, MasterCard's recent data breach - in which fraudsters stole the credit card details of 2,000 MasterCard holders - did not affect the credit card giant's US customers.

How can we tell? Because the company has given no indication of how the breach occurred and which issuing banks were affected - and we're guessing that's because it's not legally required to do so in Europe.

In the US, on the other hand, financial companies are coming under increasing pressure to inform their customers about data breaches.

A Californian law, the Security Breach Information Act, requires any company with presence or customers in that state to notify those customers if their personal data could have been compromised.

A similar law for the whole country, the Data Accountability and Trust Act, is in the process of being drawn up and presented to the Federal Trade Commission for approval.

But in Europe our governments are a bit slower off the mark in keeping legislation up to speed with changes in technology. The UK has no similar laws to inform consumers of data theft, which effectively means that MasterCard has no legal responsibility to explain exactly what happened in this recent or any other breach.

This shouldn't be the case. Customers need to be informed of threats to their personal information and there's no way all companies will admit they have suffered such breaches unless forced to.

Companies shouldn't be afraid to admit security breaches. It's understandable why they might - especially in the finance sector - be worried about the bad press that could ensue from 'fessing up.

But there are those who believe coming clean about security issues can actually do your reputation a lot of good - by building trust with customers that you'll always deal with them honestly.

This is one case where honesty is indeed the best policy.