Saturday, March 26, 2011

Credit Card Security – EPIC FAIL

credit-debit-card-theft-image Today, my manager sent out an email that someone charged $3000 of camping equipment onto his company credit card. Considering that we use that card to buy raw materials or equipment, we all knew that his card number was compromised.

The card is under our CEO’s account and senior staff is added on to this account, such as my boss.

When he called to cancel it, the customer service person would not.  The card was under our CEO’s account and they would only cancel the card if my boss knew the CEO’s date of birth and mother’s maiden name.  That simply blew us away, it was obvious someone is spending money on a stolen credit card but the customer service representative said he couldn’t cancel it just because my boss didn’t know the answers to the security questions to make sure he’s the authorized card holder. Apparently, it was a breach in their security protocols.

To cancel it, he had to go to our Human Resources and Finance to get the ‘security answers’

So, here’s what we know.  My boss now knows our CEO’s birth date and mother’s maiden name.  We all know the CEO’s name and it’s probably not hard for us to find out where the he lives.  If my boss was a criminal, he now has enough information to to pose as our CEO and make fraudulent purchases himself. 

I couldn’t remember if it was VISA or Master Card.  Which ever company it was shame on you.  Your own policies actually encouraging potential identify theft.

1 comment:

  1. HAH! wow... so to cancel it, they are compromising the security of the CEO? Your boss answering the secret question is also a breach of security isn't it? Because usually the only person who can and should answer those questions is the person whos name its registered under!