Friday, March 10, 2006

Huge debit card scam suggests that retailers keep PINs on file

Thanks to David Canton for pointing me to this article on MSNBC:

Banks and others involved in the financial sector have reported a huge surge in ATM fraud in the past little while. The surge has led to speculation that it cannot be tied to traditional scams, such as card skimming and shoulder-surfing. It is reported that a US-based retailer has stored the confidential PINs associated with past debit card transactions and that this database has been compromised.

Apparently scammers would rather go for cash than credit.

I agree with David Canton that keeping PINs would likely be against PIPEDA in Canada, because you can only keep personal information for as long as reasonably necessary, which would only be the immediate authentication of the transaction in question. For Canadian readers, take note: if you keep this information and it is compromised, you will likely be on the hook for every penny that is lost by consumers and their financial institutions.

(Pardon the formatting and any typos. I'm posting this from my BlackBerry since I'm stuck in an airport.)
