Here We Go Again

Now we have the Heartland Breach burning up the airwaves. Unless you were stuck in a cabin in the remote wilderness for the past few days, you heard about the most recent data breach of Heartland Payment Systems that resulted in approximately 100 million cards being compromised. Supposedly – bigger than TJX.

Reporters came out of the woodwork with headline stories discussing the latest Identity Theft story. Unfortunately, this is not an identity theft story. It is a story on stolen card information. This lack of understanding and mis-information does nothing to help us in the fight against identity theft.

Identity theft is when someone gains access to a person’s identifying credentials and uses this to either take over an existing account or open up a new account in the victim’s name. This leads to a serious burden on the victim who then has to fight for months and years to clean up their credit histories, their name and yes, their personal identity.

In the Heartland case, credit card numbers were compromised. Yes – this is serious, but from a consumer stand-point, it nowhere resembles identity theft. If someone gains access to your credit card number, what can they do with it? Virtually nothing. If you want to order merchandise online – you not only need the credit card number, but the Billing Name, Address and security code. Heartland maintains that this information was not part of the breach.

Even if it were compromised, this is not overly impactful to the consumer. Even if the card were used fraudulently, it would be the merchant or issuer that would bear the brunt of the damage. For the consumer, when they saw the fraudulent transaction – they would call their issuer and would not be liable for anything beyond $50 (which is never collected anyway). At that point, the issuer would issue a new card and numbers and the consumer would go on their merry way.

I think we need some more consumer education, so we can better focus on controls. I think a good first step would be to begin clarifying two types of breaches: an Identity Theft Breach and a Credit Card Number Breach. If I had heard that 100 million identities had been breached – I would probably have put an immediate fraud block at the bureau. The Heartland breach is meaningless to me…… other than watching the News, or should I say Wrong News.


Date Posted: January 26, 2009 Author: Category:   IDI Blog

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.