Banks Should Keep Your Data as Safe as Your Money

Test ticker

Support Mother Jones this Giving Tuesday

Did you know Giving Tuesday got started, back in 2012, explicitly to fight against the commercial corruption of Thanksgiving with its Black Friday and Cyber Monday? That’s awesome! And what better way to mark the day than with a Giving Tuesday donation to Mother Jones that will help fight corruption of all sorts, day in and day out. Our finances are rough right now and we could really use a Giving Tuesday boost. Please help us make the most of this heightened day of giving if you can right now.

Did you know Giving Tuesday got started, back in 2012, explicitly to fight against the commercial corruption of Thanksgiving? That’s awesome! And what better way to mark the day than with a donation to Mother Jones that will help fight corruption of all sorts, day in and day out. Our finances are rough right now and we could really use a Giving Tuesday boost if you can help today.

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

From the New York Times:

Citigroup’s revelation that hackers stole personal information from more than 200,000 credit card holders makes it one of the largest direct attacks on a major bank.

….Details remain scarce, but the disclosure of the Citigroup breach on Thursday quickly turned into a debate on whether the banks and major credit card companies had invested enough money to safeguard the personal information of their customers.

….“We’re not dealing with 14-year-old hacker kids,” said Steve Elefant, the chief information officer at Heartland Payment Systems, which overhauled its security measures after the systems it used to process credit and debit card transactions were hacked in 2008. “We’re talking about 21st-century bank robbers — sophisticated, organized criminal gangs, located mostly in Eastern Europe and the U.S.”

….Big credit card lenders are loath to acknowledge another reason that the breaches keep happening: they are in the business of reducing the financial losses stemming from fraud, not preventing data theft in the first place. As a result, analysts say, they have devoted the bulk of their resources to trying to stop fraudulent transactions from occurring.

Banks might indeed be loath to admit it, but the Times delicately hints at the reason this keeps happening: banks don’t care. And the reason they don’t care is because there are no serious penalties for these kinds of breaches and consumers have no ability to sue over them. What’s more, it’s consumers who end up having to clean up the mess if the hack results in ID theft or some other kind of fraud, not the banks. So why bother?

This is something that really ought to be a bipartisan outrage. Banks and other financial players don’t care very much about this stuff because they don’t have to pay much of a price for things like ID theft and data breaches, but they’d start caring if Congress passed legislation that made them responsible for these costs. That’s what Congress did in 1968 for credit card fraud, and banks started figuring out clever ways to reduce fraud mighty quickly. Make them responsible for data breaches and I’ll bet they’d figure out how to reduce those too. Alternatively, we could just pass some heavy-handed rules, as Europe has done. One way or the other, though, banks should be responsible for the cost of their own mistakes. That’s really not something that Republicans and Democrats should have much reason to disagree about.