The theft of personal information from more than 100 million South Korean credit cards and accounts, reportedly including those of President Park Geun-hye and UN chief Ban Ki-moon, has ignited a storm of anger and litigation against credit firms. This news is not only agonizing for those who had their information stolen, but also for credit companies that are now being sued over the incidents.
This is different than the US-based Target data hackings from December 2013, as financial regulators believe that a contractor with the Korea Credit Bureau, a private firm that manages the credit information of millions of Koreans for financial services providers, simply loaded details of 105.8 million accounts held by KB Kookmin Card Co Ltd, Lotte Card Co Ltd and NH Nonghyup Card onto a portable hard drive. South Korean citizens affected are now suing, each claiming $110 million Won, the equivalent of $103,400 U.S. Dollars, in damages as the information stolen was not simply credit card information but also names, home addresses, and phone numbers, bank account numbers, identification numbers, income, marriage and passport numbers. The FSS said credit card passwords were not stolen, although this was cold comfort to South Koreans for whom most credit card transactions simply require a card swipe and signature – without the need for a chip and pin process. Some outlets such as home shopping channels do not even need a signature.
So what does this mean for businesses in the U.S. that could have been affected? It means that their business could possibly be downgraded in the eyes of their merchant account service to “high risk”. A high risk account can mean many things, from a new business owner without any klout, to a business that is simply at a higher risk of having longevity issues. However, do not fret. There are many processors that offer high risk merchant accounts, though their processing fees may be a bit higher. Still, this is a small price to pay in terms of still being able to process plastic card payments.
Both large breaches in a short amount of time will hopefully hurry the change to chip and pin cards in the United States. The cards tend to be safer than signature confirmation, as a signature can easily be duplicated, but an unknown pin cannot be. Until then, all business owners need to make sure their terminal security is up to date.