By silicon.com, 26 April 2006 15:45
In all likelihood, MasterCard's recent data breach - in which fraudsters stole the credit card details of 2,000 MasterCard holders - did not affect the credit card giant's US customers.
How can we tell? Because the company has given no indication of how the breach occurred and which issuing banks were affected - and we're guessing that's because it's not legally required to do so in Europe.
In the US, on the other hand, financial companies are coming under increasing pressure to inform their customers about data breaches.
A Californian law, the Security Breach Information Act, requires any company with presence or customers in that state to notify those customers if their personal data could have been compromised.
A similar law for the whole country, the Data Accountability and Trust Act, is in the process of being drawn up and presented to the Federal Trade Commission for approval.
But in Europe our governments are a bit slower off the mark in keeping legislation up to speed with changes in technology. The UK has no similar laws to inform consumers of data theft, which effectively means that MasterCard has no legal responsibility to explain exactly what happened in this recent or any other breach.
This shouldn't be the case. Customers need to be informed of threats to their personal information and there's no way all companies will admit they have suffered such breaches unless forced to.
Companies shouldn't be afraid to admit security breaches. It's understandable why they might - especially in the finance sector - be worried about the bad press that could ensue from 'fessing up.
But there are those who believe coming clean about security issues can actually do your reputation a lot of good - by building trust with customers that you'll always deal with them honestly.
This is one case where honesty is indeed the best policy.
Comments
There is 1 comment. Join the discussion
1. anonymous
My husband and I were two of those affected customers. We have a Mastercard with Goldfish. We were told only that "a security breach had occurred" and that our cards would be reissued with a different number. Goldifsh did after all have to tell us something as our cards were still in our possession, well within the credit limit and yet they had cancelled them!! I feel uneasy now to think that a fraudster has somehow got some information about us. I mean, just how much information did they get? Do they know where we live? What we've bought recently? How much money we spend? I think the banks should be obliged by law to tell you exactly what personal information has fallen into the wrong hands and how it has happened. Otherwise, how can you ever feel that personal information you give to such institutions (earnings, mother's maiden name etc.) is secure?