Over 100,000 payment cards stolen in Finland. Yes, it is still happening, and more people than just the merchant could be liable

I know most of us have become numb to the almost constant barrage of news reports about credit card data breaches. The latest one comes from Helsinki, Finland, where an unnamed merchant decided it was OK to store “several years” worth of credit card data on a poorly secured server. Of course thieves found a way into the machine and made off with information on more than 100,000 accounts. The “good news” is that only about 10,000 contained all of the card data, and so far only a few of the card numbers have actually been used. Well, thank God for good news like that!

Obviously, the fact that the police are saying the information was kept on a poorly secured server and full card information was stored would lead one to believe that the merchant was not PCI compliant. But whether or not they were PCI compliant is more than an exercise in good security practices. It is about liability and the liability here could extend beyond the merchant.

You see, in many cases the card brands have now put the burden of ensuring PCI compliance on the merchant processors. They in turn have put the burden on the merchant services companies. Now, when a merchant is not PCI compliant and an incident such as this happens, it is bad news all around.

For the consumer/card holder it is a big inconvenience. They might have to have new cards issued, credit watch put in effect and fraudulent charges reversed. But at the end of the day their financial responsibility is limited. For the merchant and now their merchant services provider that is not the case.

If the merchant was not PCI compliant, or had not even filled out their self-assessment questionnaire, they can bear the brunt of the financial losses here. If the merchant services company had the obligation of making sure the merchant was in compliance, they could share in this liability as well. And let's be clear here: the liability in a case like this could be substantial. Even 10,000 cards with full data could equal millions of dollars' worth of fraudulent purchases. It could easily bankrupt this merchant, as well as merchant services companies and processors up the line.

So the message is clear. Do not become comfortably numb in hearing about all of the credit card breaches. If you are a merchant or involved in the merchant services industry the burden is being moved to you to make sure that at the very minimum the PCI DSS regulations are followed with every single merchant.


2 Comments

Alena, March 7th, 2010 at 12:19 pm

Specializing in small and medium-sized businesses in both traditional and Internet environments, Merchant services has one of the highest merchant acceptance rates in the industry, with most applications approved within two business days.

In addition, our technological advances have effectively harnessed and exceeded the growing demands in the processing industry—allowing us to support nearly every vertical market with increasing and profitable business solutions.

Nancy, March 10th, 2010 at 6:29 am

Specializing in small and medium-sized businesses in both traditional and Internet environments, Merchant services has one of the highest merchant acceptance rates in the industry, with most applications approved within two business days.

In addition, our technological advances have effectively harnessed and exceeded the growing demands in the processing industry—allowing us to support nearly every vertical market with increasing and profitable business solutions.
