
Fraudulent credit card use proves why we need disclosure laws

By Ron Condon, UK Bureau Chief
19 May 2008 | SearchSecurity.co.uk


The voicemail was from someone at my bank asking me to call to discuss a "problem with one of your accounts." My mind raced. Had I gone into the red with an extravagant purchase? Had I exceeded my credit limit?

Or was the call really from my bank? Was it a scammer trying to get my details? Of course not, they were asking me to call the normal 0845 number, so it had to be genuine.

So I called, went through the security questions, and asked what it was about. They wanted to check my last few credit card transactions; there was apparently a problem.

As they read through the last three or transactions, they all sounded like mine -- nothing out of the ordinary. Then I was passed to the fraud team, which sounded worrying. They took me through the same exercise, but with more transactions just to ensure they were all OK. They were.

Then the woman from the fraud team explained: my card details had been 'compromised', they would be cancelling my account and re-issuing me with a new card. No harm done, then.

"Is there anything else I can help you with today?" she asked.

Well, I wouldn't mind knowing how they'd spotted there was something wrong with my card, I said. Had there been attempted transactions overseas somewhere, for example? She couldn't tell me, saying the police had supplied them with a list of compromised credit cards, no other information.

The experience raised a mixture of feelings. Suddenly becoming a victim of credit card fraud, rather than just writing about it, made me feel angrier than I'd expected. Like anyone who has been burgled, or worse, there was a sense of outrage. How dare they do that to me?

On the other hand, I was impressed to see that the fraud prevention system worked so well. The bank's systems and staff were quick off the mark, and I have the comfort of knowing I won't suffer any financial loss, or even have to get fraudulent transactions cancelled.

But I would like to know more. How did the details get out? Was it an internet-based attack, or (more likely) someone in a shop who's copied my card details?

Without that information, how do I guard against it happening again? If it was a retailer who was to blame, I'd like to know who it was. I'd like to have justice and information, as well as protection.

Even as an unharmed victim, I should have a right to know, like they do in the US where consumers are kept informed of the loss of personal data. The sooner we get mandatory disclosure of breaches here, the better.



All Rights Reserved, Copyright 2008 - 2010, TechTarget