Search This Blog

Tuesday, April 11, 2006

New Regulations Needed to Protect Credit Card Users

My wife made a purchase recently at a farmers market using her credit card to complete the transaction. This is one of those planned events held in shopping centers and strip malls across the country which frequently produces unique items you can’t find anywhere else, made by the very people from whom you are buying. It’s an experience thousands flock to regularly, but it could be a disaster in the making if some changes aren’t made.

In December of 2003, the Fair and Accurate Credit Transaction Act-FACTA was passed, which specifies that no more than the last five digits of your credit card number can be printed when you make a purchase. However, the law governs electronically printed receipts, and doesn’t apply to transactions where the number is either written or executed by an imprint. In other words, thousands of times daily, credit card numbers, maybe yours, are recorded on paper that may or may not be secure.

The merchant used the old-fashioned imprint machine to record my wife’s credit card information, which clearly states the full sixteen digit credit card number. From experience, I know he or she must deposit this receipt to a business account for credit, so, hopefully, it won’t be lost. What worries me is just who, and how many, other people see this number in the trip to the bank.

The “mom and pop” merchants in this country are the very backbone of our great system of commerce. They should be given considerations, but not at the expense of losing my identity to thieves that lurk at every corner…and farmers markets. Folks, they are everywhere, as evidenced by the outbreak of security breaches in 2005. Give them a grace period to comply, like Visa and MasterCard did all the other merchants, and make them stick by it.

You would think that one of the first things lawmakers would do after the recent rash of breaches would be to plug the loopholes of existing law to better protect the consumer. Just imagine that the person who took my wife’s credit card number goes to a bar for a drink on the way to the bank, and someone steals all the daily receipts. Then, multiply that possibility by thousands of transactions like this every day.

ChoicePoint, LexisNexis and other data brokers do pose a huge threat to the security of our identities. They can lose millions of personal records in one quick event—illustrated by CardSystems exposing 40 million credit cards in June of 2005—and need to be controlled to prevent this from happening. But alas, it is not likely, with either current law or the recent blitz of identity protection legislation.

Real security will be accomplished only by individual consumer control over their name and personal data.

The Pittsburgh Post-Gazette printed an article by Robin Sidel from the Wall Street Journal “Identity theft—unplugged,” that quotes some recent figures from Javelin Strategy & Research. Some 29 percent of victims in the survey said their private information was stolen when they lost their wallet, checkbook or credit card. The balance of 71 percent is attributed to someone from the outside initiating the theft.

Most privacy experts agree that a large number of ID thieves get their information from traditional, low-tech sources. Even a family member, friend…or small neighborhood merchant.

It is time to update FACTA and include all merchants, no matter who they are, and seal this big hole in the ID theft dike. In the meantime, if you must make one of these purchases, let the businessperson know that you realize your personal data could be in jeopardy.

1 comment:

shannon said...

i can't believe that there are businesses that even have those big clunky machines to copy your credit card, with all the advancements made in credit card processing technology anymore. the last three big events i've been to, i parked in privately-owned lots which all wirelessly processed my credit card. i can understand how it might be impractical for a person who operates a booth at a craft fair to hold a merchant account, but it seems to me there has got to be a better way.