Calls for tougher debit card regulation

Published 8 August 2008

On Tuesday the Justice Department announced the indictment of eleven people for stealing and selling more than 40 million credit card and debit card numbers; watchgroups say this is evidence, if one were needed, that federal laws governing debit cards should be tougher — and more uniform

On Tuesday the U.S. Justice Department issued indictments in a massive computer breach and identity theft case, and now watchdog groups are calling on Congress to act quickly to protect consumer privacy. Eleven people were indicted on multiple charges in connection with the hacking of nine major U.S. retailers and the theft and sale of more than 40 million credit card and debit card numbers. NextGov’s Andrew Noyes writes that one priority these groups emphasize is the need to overhaul federal laws that govern debit cards. Ed Mierzwinski of the U.S. Public Interest Research Group points out debit cards are subject to several tiers of liability rather than one unified standard, while many banks promise zero liability. But turf wars between congressional committees of jurisdiction have traditionally prevented this and other data security reforms from becoming a reality, Mierzwinski said.

The Senate has passed a bill intended to combat ID theft, but its fate this year is uncertain given the limited time left. The bill, introduced in October by Senate Judiciary Chairman Patrick Leahy (D-Vermont) and ranking member Arlen Specter, would give victims of ID theft the right to seek restitution for the loss of time and money spent restoring credit. It would also ensure that criminals who pose as legitimate businesses to steal data can be prosecuted under federal identity theft laws; lower the financial threshold for prosecuting cyber criminals; and make it a felony to employ malicious software to damage 10 or more computers. The legislation passed the Senate in the fall but has languished in the House. The bill won Senate passage again last week after being folded into a House-passed bill to extend Secret Service protection to former vice presidents. Leahy issued a statement today pressing the House to act quickly to pass the legislation and to send it to President George Bush for signature. Other data security bills introduced in the 110th Congress have failed to gain as much momentum. Mierzwinski expressed hope that lawmakers will turn their attention back to commercial and government data security in the new session.

Another issue Congress will have to deal with is harmonizing federal law with efforts by states. David Sohn of the Center for Democracy and Technology said state-level data breach notification laws might have already undermined federal efforts. “Consumer groups may be reasonably satisfied with that and businesses are learning to live with it as well,” he said. House Energy and Commerce ranking member Joe Barton is one lawmaker who is expected to push for a data security overhaul. Barton, whose personal records have been breached twice, lauded Justice’s crackdown Tuesday and called for strong law enforcement and security measures “so we can move safely toward electronic records in everything from health to bank accounts.” Representaitve Adam Schiff (D-California), who sponsored a companion measure to Leahy’s bill, said members should restart efforts to fight identity theft rings just as Congress did in 1970, when it passed laws to help prosecute the mob.