[Dataloss] Debit-card fraud underscores legal loopholes

[lyger]

http://www.securityfocus.com/news/11381

Recent widespread debit-card fraud likely has roots in three major data 
leaks that occurred in the last six months, two of which have yet to be 
publicly disclosed by the companies involved.

Consumers have noted a large increase in the amount of debit-card fraud 
since the beginning of 2006, as well as a wide recall of cards by banks 
and financial institutions. Three major incidents are likely fueling the 
fraud, according to financial and security experts.

A breach associated with bulk-goods retailer Sam's Club last autumn likely 
resulted in millions of debit-cards potentially being put at risk, 
according to financial-industry insiders. A second, smaller breach 
affecting hundreds of thousands of debit cards has been connected to 
office-supply retailer OfficeMax, although that company has denied any 
breach of its systems. And, the most recent data leak occurred in an ATM 
network and likely affected millions of debit-cards as well, banking 
executives told SecurityFocus.

Despite security-breach notification laws on the books in 23 states, 
credit-card companies and financial institutions have not named the 
sources of the breaches.

"There are few details of these leaks because credit-card companies do not 
want people to lose confidence in debit cards," said Beth Givens, 
executive director of the consumer advocacy group Privacy Rights 
Clearinghouse.

The mystery surrounding the data breaches underscores loopholes within the 
majority of state laws which aim to mandate the disclosure of security 
breaches. Moreover, the silence over responsibility for the breaches 
contrasts consumer advocates' warnings that a federal law currently being 
considered by Congress will ironically roll back protections even further.

[...]