Large Databases Can Mean Big-Time Fraud

Storing massive amounts of credit card information in one place proved to be a costly mistake for BJ's Wholesale Club Inc. earlier this year.

Thousands of credit card numbers were stolen in what may have been the biggest retail fraud of its kind. Secret Service agents say the suspects arrested in the case may be connected to an international identity theft ring.

"There are some pretty heavy losses out there," Greg Smith, president of the Pennsylvania State Employees Credit Union, told the Associated Press. The credit union reissued cards to 14,000 of its members at a cost of $100,000.

That loss is small compared to the $1 million it cost Sovereign Bank to cover 700 fraudulent transactions and reissue 81,000 cards not once, but twice after a problem arose with the first batch. Credit card issuers usually cover fraudulent purchases and limit liability to merchants.

And while BJ's said the theft would have no material effect on its finances, the third-largest U.S. warehouse club now faces claims from some of the dozen or so banks that had to reimburse customers or reissue cards. Investigators and bank officials did not disclose the monetary losses.

According to industry magazine Credit Card Management, Visa and Mastercard issuers lost $820 million in 2003 - up 6 percent from the year before.

And as companies continue to rely on huge databases to store personal information on consumers, the potential increases for identity theft on a huge scale. Hackers have already tried to steal information from the Lowe's home improvement chain and from database aggregator Acxiom Corp.

A new federal law that increases criminal penalties for those convicted of identity theft is a move in the right direction, said Judith Collins, a Michigan State University criminal justice professor. Collins authored a study that found that the workplace, not cyberspace, is the usual starting point for ID theft. She said as many as 70 percent of all identity theft cases involve information stolen in the workplace.

In California, businesses are required to limit use of Social Security numbers and take other precautions to keep personal information safe. The credit industry, however, "has been relatively slow in taking more security steps than they already have in place because they sort of felt they could tolerate the loss," said Robert Richardson of the Computer Security Institute, an organization for security professionals.

You may like these other stories...

Hertz withdraws full-year forecast, cites accounting review, challengesRental car company Hertz Global Holdings Inc. said on Tuesday it is withdrawing its full-year financial forecast and expects 2014 results to be “...
Treasury prepares options to address tax inversionsDamian Paletta of the Wall Street Journal reported on Monday that US Treasury Department officials are assembling a list of administrative options for Treasury Secretary...
Deloitte CEO Joe Echevarria to retire to pursue public serviceMichael Rapoport of the Wall Street Journal reported that Deloitte LLP CEO Joe Echevarria plans to retire later this month to pursue his interest in public...

Already a member? log in here.

Upcoming CPE Webinars

Aug 21
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.
Aug 26
This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.