County Executive Andy Spano today urged MasterCard to notify its customers of last week’s major computer security breach that could jeopardize the personal information of an estimated 40 million credit card holders.
The security breach Friday at Card Systems Solutions, which processes transactions for credit card companies including MasterCard, has left millions of credit card users vulnerable to identity theft.
In a letter to MasterCard, Spano said that the state is poised to pass a law that would require companies to notify consumers of security breaches within a reasonable time so that consumers could more closely monitor credit card activity. He said even though the law has not yet been adopted, MasterCard should do the right thing and begin notifying customers now.
“As a good neighbor who we are very happy to have here in Westchester, we would hope that MasterCard would not wait for the law to take effect, but instead would notify customers right away of potential problems,’’ said Spano. “Identity theft is a very serious issue, and I know that MasterCard will take this opportunity to help residents of Westchester, and elsewhere protect themselves.’’
Westchester County has been pro-active on the issue of identity theft.
Spano proposed a notification law two years ago and has worked with State Assemblyman Richard Brodsky and Senator Nicholas Spano to advance the issue in Albany.
Identity theft has become the top consumer complaint according to the Federal Trade Commission. The FTC has reported that more than 27.3 million Americans have been victimized between 1998 and 2003, and that consumers lost more than $5 billion in 2003 alone.
The need for a law to report security breaches has become increasingly apparent as more cases of major security breaches are uncovered. Sales of credit card and personal information have become big business on the Internet. The county has been working to protect residents and raise awareness about this crime.
In addition to proposing the notification law in its legislative package since 2003, the county has:
• Eliminated the use of social security numbers on medical cards and other paperwork when not essential.
• Joined FTC's Sentinel Network, a combined reporting data-base that allows law enforcement to share information regarding identity theft crimes.
• Began a training program at the county’s Police Academy to educate law enforcement on the crime and how to detect and prevent it.
• Created an ATM Registry to track non-bank ATM machines to protect against theft of personal information by con artists.