Lost Credit Data Improperly Kept, Company Admits

Zak3056 writes "Last week, Mastercard announced that up to 40,000,000 credit card numbers may have been compromised by one of their processing companies. Today, the New York Times (registration, along with first born child, required) is reporting that the company in question, CardSystems Solutions, should not have been retaining that data to begin with. John M. Perry, CEO of the processor in question, claims the data was merely being kept for 'research purposes.' The number of compromised Master Card accounts has been revised downward to about 68,000, with another 132,000 possibly compromised accounts belonging to Visa, American Express, and other companies."

Moral Hazzard?

[DaveInAustin]

This story on npr says that the credit card companies can actually wind up making money when a fraudulent charge is made. Does this create an incentive for them to keep things safe?

When will these companies be held responsible?

[Todd+Knarr]

That's what I want to know: when will companies that mishandle data like this be held 100% responsible to the people whose data they mishandled for the losses, fraud, etc.? I'm of the opinion that only when mishandling data results in actual financial consequences to the mishandler will things change.