Service providers that allow third-party financial
information to be compromised should be punished by law, according
to analyst firm Gartner.The comments followed the jailing of former IT
engineer Sunil Mahtani last week after he was found guilty of
masterminding the largest credit card fraud scam investigated in
the UK so far.
Mahtani stole more than £2m, by downloading
details of nearly 9,000 credit cards while working for a
ticket-processing firm and then encoding the details onto cloned
credit cards to fund hundreds of illicit shopping trips.
The case is one of many “wake-up calls” that
companies have ignored, so legislation is necessary, said Avivah
Litan, vice-president of the financial services group at
Gartner.
“The’ big stick’ seems to be the only answer,”
she said. “They should punish service providers which let financial
information be compromised, whether that is the merchant, payment
processing firm or other third party.”
The credit card providers are not blameless.
With some “pretty basic security measures”, the fraud would have
been easily avoided, she said.
“Simply encrypting the data on the cards would
have prevented this case,” Litan said. “All the big credit card
companies have security policies, but they are just not enforcing
them.”
Recent US research revealed that the
number of victims of identity theft in 2002 was 81% higher than the
previous year, and the number of incidents reported so far this
year suggests that this will continue to grow.
The survey, from consultancy Harris
Interactive, said that more than 13 million Americans have
fallen victim to identity theft or fraud since January 2001.
Although 62% of the victims did not incur any
cost, 38% did have out-of-pocket expenses. The average cost for
such victims since 2001 was $740 (£459).