The problem rests with the internal priority many of these data handlers have placed on their own systems. If they regularly audit their processes and provide immediate information to consumers about possible breaches in their secure chain, the system is easier to handle and more difficult to undermine. It also becomes more expensive to operate.
The Gramm-Leach-Bliley Act and the security safeguard that the FTC requires as a consumer protection do not include the contracted companies used in the processing of information. Other than audits and reassurances that they are complying with card issuer requirements, the system is ripe for fraudulent operators who are able to find room to drop scripts into the system to harvest information.
There is also a liability issue at stake. Who should pay for what has happened and what should we do short of not using credit in any way, shape, or form? The card issuers should pay for any breach in the process, but don't count on it. Much of the loss will be passed on to the merchant who sold the goods to a fraudulent account, and ultimately those costs will be passed on to the consumer. This group has an incredibly powerful lobby to battle any regulation that would attempt to change their liability otherwise.
Much of the problem lies with the continued free flow of your Social Security number. Far too many companies require the use of that number as an identifier. Currently, only in-house regulations by the companies themselves watch over the system. You can and should refuse to offer your number not only during computer transactions but on cellular transmissions as well. Insist that the company requiring you to give them this vital piece of information has security in place to protect that number. Many people never ask what those safeguards are.
Congress should move quickly to make consumer notification of lost information a nationwide priority. As I mentioned earlier, California is the only state with such notifications in place. Should there be no breach affecting consumers from that state, banks issuing credit or other institutions that handle sensitive data can keep the information of such breaches internal while waiting to see how the data was compromised.
All credit requests should come from notarized sources. It sounds like a hassle, but by authorizing credit checks, you have essentially insisted on confirmation that it was indeed you who applied for new credit.
As technology continues to allow rapid transfer of data, password protection has become less secure as well. Software exists that can crack just about any combination of characters and numbers. This has led to an increase in "phishing" for account numbers using emails that seem to be authentic. Once again, the companies involved can add another level of protection in the form of smart cards or tokens.
Being able to turn off your credit could help immensely. The Federal Credit Billing Act protects consumers whose credit cards have been compromised for anything beyond $50, but that law does not cover stolen information used to open new lines of credit or even illegal equity taps.
You should begin a list of all those who have any credit information on you, from your phone company and cable provider to brokerage accounts and banks. Check all statements monthly for any changes to your information or services that may have been added. Phone your bank for weekly statements that affect your checking and debit accounts. Protect your mailboxes from theft. And insist that your state's senators push for a widening of the Gramm-Leach-Bliley Act to include all legs of the processing of data.
And lastly, check your credit yearly with the following company:
AnnualCreditReport.com
P.O. Box 105281
Atlanta, Georgia 30348-5281
1-877-322-8228