Last year, Amazon.com, the super-bookstore on the Internet, was
running clever radio commercials “looking” for space to hold its
gigantic inventory. The only place they overlooked was a government
computer. If they hadn’t, those 485,000 credit cards, which had been
stolen from Visa, MasterCard, American Express, and Discover sometime
before March 1999 might have been discovered sooner.
Was your credit card among those stolen? It may have been, and
neither your credit card company nor your bank ever notified you. What,
that couldn’t happen, you say. Well it has and no one appears to be
paying attention, let alone doing anything about it. This frightening
scenario could affect each and every one of us. It is obvious that the
credit card companies, the issuing banks and the federal government
deliberately did not disclose a significant crime.
Sometime in January 1999 someone stole the records of 485,000 credit
card holders from an undisclosed credit card computer and stored them in
a federal computer. No one in government has revealed which federal
computer was compromised and exactly when it happened. Although
according to MSNBC
this case had been included in Secret Service testimony before Congress
last March as illustrative of the danger to online commerce by computer
hackers. At that time the news of such a large theft generated very
little press coverage.
Maybe the lack of coverage was deliberate. The federal government
certainly didn’t want to demonstrate the vulnerability of its computers,
while the credit card companies are sensitive to customers becoming
nervous about the safety of their plastic money. In fact, some credit
card companies and other financial institutions made the decision not to
inform at-risk customers of the theft. It wasn’t until Dec. 27, 1999,
that Visa sent a letter to financial institutions including the Navy
Federal Credit Union (NFCU), the world’s largest credit union, detailing
According to the NFCU source who revealed the Visa letter to MSNBC
the Navy Federal Credit Union “decided that … it would be too much of
an inconvenience and too costly to shut down the accounts and issue new
numbers. It was deemed not the credit union’s responsibility.”
Unfortunately this was not just an isolated incident. The same lack of
notification occurred several weeks ago when Visa alerted NFCU that
300,000 credit cards had been stolen from the CD Universe website.
Yet, when the credit card company suspects consumer fraud there is no
lack of notification. Last fall I headed out of town for a few days
thinking no one would care where I was. Sure I have a cell phone, but
only a few people have the number and finding someone’s cell phone
number is a nightmare.
However, I never even considered MasterCard International’s
interference. Stopping in rural eastern Georgia for gas I found out
“they” had my number. I gave the lady my MasterCard to pay for $31
worth of gas. For the next 20 minutes she hung onto her telephone,
while she discussed my purchase with at least four different people.
Finally they asked her to verify my driver’s license and then they asked
to talk to me personally. They verified my mother’s maiden name, the
last four digits of my social security number, and told me to call the
lending institution that handles my card as soon as possible. Finally
the charge was OK’d. It certainly would have been quicker, easier and
far less hassle to use cash!
Once back on the road I called my bank. They wouldn’t tell me why my
purchase had been scrutinized, but since MasterCard International had
now cleared my account of any question, I could keep on charging. I
kept wondering if MasterCard International was concerned because I had
charged gas and dinner in North Carolina the previous day and they
suspected I was on a vicious get-away spree across the South. Their
fraud protection people assured me all that delay and hassle was to
protect my credit rating. Yeah sure! It’s really to protect MasterCard
International against the millions of dollars of credit card fraud that
is perpetrated every year by credit card thieves.
In my case the inconvenience was a 20-minute wait in a gas station,
but what about the 485,000 credit card holders who don’t know their
credit cards have been stolen. How do they find out? Obviously their
credit card company or their banking institution isn’t telling them.
They may find out when they get a charge for something they never
purchased, or like Darlene Zele, a Rhode Island hospital worker, who
testified last week before The Treasury Department’s two-day national
summit on identity theft. Darlene has spent five years trying to get
her “identity” cleared after criminals wrecked her credit records, and
“it’s still not over.”
Maybe it was Eastern European criminals who stole the almost half a
million credit cards numbers complete with expiration dates and
cardholder names and addresses just for a prank. On the other hand the
owners of those cards are human beings who have put their trust — for a
fee — in the banks and credit companies with whom they do business.
These people deserve better than silence. At the least they should all
be notified that their credit cards were compromised and have them
reissued. The equally serious question is how to prevent such theft.
It appears to be happening with some regularity. Just a few months
ago there was the incident of active credit card numbers appearing on a
website with its origins in Russia for 24 hours before it was shut
down. If MasterCard International checks out my 30-dollar charges in
South Carolina and Georgia, they should also be concerned enough to let
me and others know when some Internet credit card hijacker is on the
loose and is about to steal my credit identity. Is it too much to ask
for full disclosure from financial institutions when crimes are
committed using credit card numbers belonging to hundreds of thousands
of their hard-working, credit-worthy customers?