Banks Should Keep Your Data as Safe as Your Money

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

From the New York Times:

Citigroup’s revelation that hackers stole personal information from more than 200,000 credit card holders makes it one of the largest direct attacks on a major bank.

….Details remain scarce, but the disclosure of the Citigroup breach on Thursday quickly turned into a debate on whether the banks and major credit card companies had invested enough money to safeguard the personal information of their customers.

….“We’re not dealing with 14-year-old hacker kids,” said Steve Elefant, the chief information officer at Heartland Payment Systems, which overhauled its security measures after the systems it used to process credit and debit card transactions were hacked in 2008. “We’re talking about 21st-century bank robbers — sophisticated, organized criminal gangs, located mostly in Eastern Europe and the U.S.”

….Big credit card lenders are loath to acknowledge another reason that the breaches keep happening: they are in the business of reducing the financial losses stemming from fraud, not preventing data theft in the first place. As a result, analysts say, they have devoted the bulk of their resources to trying to stop fraudulent transactions from occurring.

Banks might indeed be loath to admit it, but the Times delicately hints at the reason this keeps happening: banks don’t care. And the reason they don’t care is because there are no serious penalties for these kinds of breaches and consumers have no ability to sue over them. What’s more, it’s consumers who end up having to clean up the mess if the hack results in ID theft or some other kind of fraud, not the banks. So why bother?

This is something that really ought to be a bipartisan outrage. Banks and other financial players don’t care very much about this stuff because they don’t have to pay much of a price for things like ID theft and data breaches, but they’d start caring if Congress passed legislation that made them responsible for these costs. That’s what Congress did in 1968 for credit card fraud, and banks started figuring out clever ways to reduce fraud mighty quickly. Make them responsible for data breaches and I’ll bet they’d figure out how to reduce those too. Alternatively, we could just pass some heavy-handed rules, as Europe has done. One way or the other, though, banks should be responsible for the cost of their own mistakes. That’s really not something that Republicans and Democrats should have much reason to disagree about.

MOTHER JONES NEEDS YOUR HELP

Straight to the point: Donations have been concerningly slow for our hugely important First $500,000 fundraising campaign. We urgently need your help, and a lot of help, over the next few weeks so we can pay for the one-of-a-kind journalism you get from us.

Learn more in “Less Dreading, More Doing,” where we lay out this wild moment and how we can keep charging hard for you. And please help if you can: $5, $50, or $500—every gift from every person truly matters right now.

payment methods

MOTHER JONES NEEDS YOUR HELP

Straight to the point: Donations have been concerningly slow for our hugely important First $500,000 fundraising campaign. We urgently need your help, and a lot of help, over the next few weeks so we can pay for the one-of-a-kind journalism you get from us.

Learn more in “Less Dreading, More Doing,” where we lay out this wild moment and how we can keep charging hard for you. And please help if you can: $5, $50, or $500—every gift from every person truly matters right now.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate