SoylentNews is people
SoylentNews
from the ensuring-fairness-and-safety dept.
Papas Fritas writes:
"Michael Kitchen at Marketwatch reports that when companies in the US are hacked for customer information they often seem to react to such thefts with little more than a sigh and a shrug if they even report it at all. But in South Korea, they don't mess around with ID theft.
South Korea's financial-services regulator announced Sunday that three firms which suffered the theft of consumers' data last year would be barred from issuing any new credit cards or extending any loans for three months. In addition, the executives at the companies involved showed their contrition by going before television cameras and making deep bows and personal apologies. Some executives reportedly resigned over the incident, even though the alleged ID thieves were caught and arrested. The South Korean Financial Supervisory Commission (FSC) said the companies had 'neglected their legal duties of preventing any leakage of customer information.'"
(Score: 4, Interesting) by SpallsHurgenson on Tuesday February 18 2014, @03:30PM
Alternately, the credit-card companies could properly enforce their own PCI compliance rules. According to those, if you are in violation then yes, they CAN forbid you from accepting credit cards from customers until you show evidence that you have fixed the violation. I've seen it happen to smaller companies for far less serious breaches than what happened at Target. That the credit-card companies did not do so with Target has more to do with their fear of losing their income from all those Target sales than it did with not pronouncing a "death sentence" on the retailer.
Of course, that sort of threat is the only thing that will incentivize retailers to take credit-card security seriously. Without it, companies are always going to go cheap and easy, because any bad effects will affect only the customer, not the retailers themselves. But if suddenly a breach of credit-card data could put them at risk of becoming unprofitable, you can bet that more stringent methods will be put into place to ensure that nobody can walk out the door with a thumb-drive full of customer data.
And while I am no fan of excessive government regulation... if the retailers won't do it, and the credit-issuers won't do it, and the customer can't do it, what other option is there but for there to be a law to ensure it gets done?