Lost Credit Data Improperly Kept, Company Admits
Zak3056 writes "Last week, Mastercard announced that up to 40,000,000 credit card numbers may have been compromised by one of their processing companies. Today, the New York Times (registration, along with first born child, required) is reporting that the company in question, CardSystems Solutions, should not have been retaining that data to begin with. John M. Perry, CEO of the processor in question, claims the data was merely being kept for 'research purposes.' The number of compromised Mastercard accounts has been revised downward to about 68,000, with another 132,000 possibly compromised accounts belonging to Visa, American Express, and other companies."
PIN is a nice idea but 4 digits? And those horribly insecure pads that everyone in the store can see?
PIN needs:
1. Random length up to 10-15 digits.
2. Some attempt at security on the retailers' readers!
3. Your PIN for ATM/Cash should be different to your PIN for purchases, and both should be easily changeable if I'm bothered about the security of a recent purchase.
Their current system is *worse* than signature, because an observant thief can have your 4 digit PIN and card very easily in a crowded shop. Once they have that they have *proof* that they are you.
And the rub in the UK is they changed the contract terms so that if someone gets your PIN *you* are liable, not the shop or the CC company. If someone fakes a signature the merchant is liable.
For this reason when asked for a PIN I just say "I don't know it" and do it the signature way (this is another reason why PIN doesn't increase security - it's damned easy to bypass by claiming you don't know it!).