Many years ago when Internet fraud was in its infancy, I had a credit card number stolen online. This was in the mid 1990’s. It was used for numerous charges world-wide until I noticed it. While I hadn’t noticed the first few sub $100 charges, I did notice them when they became bigger. I contacted the credit card company which was not a big-name bank, and they were unable to do too much for the earlier charges, but they were able to clear the newer unauthorized charges as well as issue me a new number. I had to make many international calls to clear up the earlier charges myself. It was a long process, but in the end I was able to get most of the charges reversed.
Today this process is much easier. Credit card companies keep a watchful eye on charges, sometimes almost too watchful when they suspend a card for suspicious activity that was actually your own activity. I have had this happen most often when traveling, which is the absolute worst time to suddenly be without a credit card. Online statements and even instant messaging of transactions also reduce the time it takes to notice something gone awry. Even the worst cards limit the liability of the consumer when there is a breach. The ability for a bank to block and reissue cards with new numbers limits their exposure to lawsuits from consumers.
What happens when the information lost is information that can not be easily fixed? Recently, information was leaked on approximately 4.5 million patients and customers of Community Health Systems. There is no magic undo button if that information reveals information that a person wanted to keep private. It is not possible to just reissue a new health record like it is to issue a new credit card number. Once this type of information is public, it never comes back. A loss like this instantly exposes a business to the potential for countless lawsuits, class action suits, and even potentially criminal penalties if it is determined that the business was not in compliance with regulations.
This type of event is the perfect example of why it is vital for businesses to follow a risk based approach to data protection. While it is expensive to lose credit card information, it could mean the end of a business to lose information like this where damage can’t be so easily repaired.
Do you need help bringing awareness of these issues to your management? Do you need help meeting regulations? Do you need a strategy for protecting yourself that goes beyond just checking checkboxes? Chi Corporation can help! Give us a call.
Paul Comfort
Senior Systems Engineer
Chi Corporation
@PCComf