E-commerce Merchants Beware

Posted on February 23, 2009 by Tom

A little over a week ago I blogged about the possibility of another big breach. Now it’s all over the Blogosphere and the on-line trade rags. Speculation is rampant. Some say it will be bigger than the Heartland breach; others say it won’t be quite that big. Of course it’s all wild guessing since we don’t have the foggiest idea of how big the Heartland breach really was. At last count, it’s over 500 banks and half a million accounts with only a small percentage of the banks reporting counts.

Some of the things that seem pretty clear are that it was another on-going breach that went on for most of 2008 – February to October seems to be the most common report. And it was another processor. Fortunately, according to the speculation, the processor doesn’t do the volume that Heartland does.

And there’s one other thing that’s troubling. According to the on-line trade rags, this one didn’t involve track data. That means that the banks don’t have to take preemptive steps to replace cards before they are used fraudulently and the banks have to cover the losses to the cardholders.

As an e-commerce merchant I’m outraged and you should be too. Here’s a quote from the Pennsylvania Credit Union Association

Since track data was not compromised, we are not suggesting that you block and transfer these compromised accounts. Chargeback rights should exist for all Card Not Present transactions simply by the cardholder asserting a dispute for the unauthorized transactions.

In other words, don’t worry about it, Mr. Banker, we can stick the e-commerce merchant with any fraud losses from this one.

My guess is that this is their opportunity to use the chargeback fees they’ll collect from on-line merchants to pay for replacement of the cards from the Heartland breach — and maybe a bit of profit too.

How convenient is that!

There is some contact information on their website but I’ll be looking for some good contact information inside the Pennsylvania Credit Union Association and they’ll get a nice email from me. I’ll be posting the contact information in another blog post and I urge all E-commerce merchants to register their displeasure. You can also call them at (800) 932-0661 and let them know what you think.

Comments are open so feel free to comment. I’ll be sure to pass them on.

Similar Posts:

Bookmark and Share

About Tom

Tom Mahoney is the Founder and Director of Merchant911, a site dedicated to helping e-commerce merchants.
This entry was posted in Data Breach, chargeback, e-Commerce, fraud trends, profit from fraud and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>