An unprecedented theft of personal identification numbers from thousands of consumers across the country is calling into question the basic safety of paying with debit cards.

The debit card breach, which the trade publication American Banker says could have allowed thieves to gain access to as many as 600,000 bank accounts, has raised larger questions about whether merchants are improperly storing customers’ personal data.

The problem, according to security experts, is the storage of PINs attached to debit cards. The compromise of so many PINs suggests that a national retailer stockpiled customer information even though such a practice is against rules set down by the major credit card companies. What the breach has revealed, say security analysts, is that safety measures around these numbers could represent an Achilles heel for debit cards.
“The process of authentication for PIN numbers has been perceived for a long time to be very secure,” said Edward Kountz, a financial services analyst at Jupiter Research. “These thefts call into question how secure they really are.”

The recent debit card crime spree stretched from Seattle to North Carolina. And for the past month, most of the media attention has focused on which company suffered the security breach. Many of the victims shop at OfficeMax, an office-supply chain headquartered in Itasca, Ill., according to law enforcement officials. The company has denied suffering a breach and said a third-party audit found no problems (though the company is still working with authorities investigating the case).

more from [url=http://news.com.com/Your+secret+PIN+may+not+be+so+secret/2100-1029_3-6050259.html?tag=nefd.lede]News dot com[/url]

---

Filed under: Security - @ March 18, 2006 12:24 am