Gartner: Financial service providers should face security sanctions

Service providers that allow third-party financial information to be compromised should be punished by law, according to analyst firm Gartner.

The comments followed the jailing of former IT engineer Sunil Mahtani last week after he was found guilty of masterminding the largest credit card fraud scam investigated in the UK so far.

Mahtani stole more than £2m by downloading details of nearly 9,000 credit cards while working for a ticket-processing firm, then encoding the details onto cloned credit cards to fund hundreds of illicit shopping trips.

The case is one of many “wake-up calls” that companies have ignored, so legislation is necessary, said Avivah Litan, vice-president of the financial services group at Gartner.

“The ‘big stick’ seems to be the only answer,” she said. “They should punish service providers which let financial information be compromised, whether that is the merchant, payment processing firm or other third party.”

The credit card providers are not blameless. With some “pretty basic security measures”, the fraud would have been easily avoided, she said.

“Simply encrypting the data on the cards would have prevented this case,” Litan said. “All the big credit card companies have security policies, but they are just not enforcing them.”

Recent US research revealed that the number of victims of identity theft in 2002 was 81% higher than the previous year, and the number of incidents reported so far this year suggests that this will continue to grow.

The survey, from consultancy Harris Interactive, said that more than 13 million Americans have fallen victim to identity theft or fraud since January 2001.

Although 62% of the victims did not incur any cost, 38% did have out-of-pocket expenses. The average cost for such victims since 2001 was $740 (£459).


