eCommerce: Accountability and Transparency
Today I received notification from my bank that my information had been compromised in a data breach of Heartland Payment Systems in late January. While I am relieved that my own data has not (yet) been compromised, this latest incident further underscores the ridiculous manner in which such breaches are handled. Affected parties are not presented with detailed information on how or why the breach occurred, nor are the processors held accountable for the countless millions that are lost--not to fraud, but to credit card issuers having to reissue cards, PR to explain the situation to customers, and consumers paying for credit watching services.
When these sorts of events occur, payment processors should be required to disclose in detail the methods used (or not) to protect the data, as well as to pay for services to prevent deviant activity using a customer's stolen data. Taking such measures might prove costly, but perhaps this is an opportunity for processors to be held accountable. As a credit card user, I have no visibility into which payment processors my preferred merchants use, meaning I cannot vote with my dollar as to whom I will patronize. Maybe this is another insurance opportunity: processors could protect themselves from that exorbitant cost, with measures to prevent theft enforced as a stipulation of the policy. I may go as far as to say we need legislation for the same.
In the end, it is important for there to be some sort of regulation to keep these sorts of things from happening. We need accountability and transparency now.