The credit card system's weak link?

The break-in is the latest high-profile data breach to be publicly disclosed in recent months involving credit card companies, retailers and data brokers that amass and sell consumer data.

Security and fraud experts say two factors are behind the trend:

• Information thieves are becoming ever more sophisticated at grabbing and selling financially sensitive information.
• A California law took effect this year that requires companies to notify state residents when their personal information is compromised. Congress is now debating a national version.

Perhaps the biggest previous security lapse involving a card processor was a 2003 hack on a Nebraska company called Data Processors International Inc., part of TransFirst Holdings Inc. As many as 8 million account numbers became vulnerable.

TransFirst spokesman Scott Jones would not say whether the company is confident a similar attack couldn't happen again.

He said only that the company's data banks are encrypted and watched by monitoring software in order to comply with Visa and MasterCard requirements.

Mike Gibbons, a former chief cybercrime investigator for the FBI, says financial services companies have done better overall than most industries in developing tight computer security.

But Gibbons, now general manager for federal security solutions at Unisys Corp., said the credit card companies' certification system for its partners isn't necessarily sturdy.

Computer networks are very complex and constantly being updated, so it wouldn't be unusual for a major alteration to be made after a company is audited — one that could leave its network vulnerable to attack, he said.

Consumer advocates believe a more pervasive problem is at work: retailers and banks are reluctant to do anything to change the credit system because they fear it would slow the process by which consumers get and use credit.

"Information travels through the credit system and stops in so many places where it could be illegally used that consumers have no idea what a hodgepodge of a system the credit card companies have created," said Edmund Mierzwinski, consumer program director at U.S. Public Interest Research Group.

That system, he said, is mainly designed to extract fees from consumers and businesses, "but very little of it is designed for security."

MORE FROM TECHNOLOGY & SCIENCE

Technology & Science Section Front

Cosmic Log: Alien ‘water world’ found 10 best PlayStation 3 games of 2009 Top 5 reasons to keep playing your PS2 Teen runs up dad's cell bill to nearly $22,000 Organic molecules found ... on the moon? Mars lander just might rise from the dead YouTube's top 2009 videos feature eclectic cast Ohio court: Cell phone searches require warrant Earthquake concerns shake energy projects Hubble spots cosmic Christmas wreath Technology & Science Section Front   Add Technology & Science headlines to your news reader: