This morning I received the following response from MasterCard International. I think at this point, I am going to send a letter to the RewardZone Mastercard people, asking that they reimburse me for my time with some rewardzone points. See where that goes.
Dear Robin,
First and foremost, we are sorry to hear about the inconveniences you have experienced with your MasterCard account and specifically with a card breach event that resulted in the issuance of a new account in your name. We also appreciate the concern and diligence you are taking to protect your finances as it relates to credit cards and the inquiry regarding this card account breach.
You should know that MasterCard licenses its' processing network to banks, who in turn, acquire cardholders and manage cardholder accounts. Specific to card breaches, MasterCard cannot determine which merchant transaction caused a card breach since this data is not provided to us. I have provided below a typical scenario of card breaches and the subsequent activity.
* Merchants use a processing company, or what MasterCard calls an Acquiring Bank, to consolidate all of their MasterCard, Visa, American Express and Discover transactions
* Processors are used to simplify how the daily charges are submitted
* Most card breaches occur when the computer system of a Processor is compromised and data in the computer is ‘exposed’ to an unauthorized source or person
* When the Processor realizes that an exposure has occurred, they send a list of the exposed accounts to MasterCard, Visa, etc in a large batch file
* In turn, MasterCard separates the list by issuing bank and then notifies each that a compromise has occurred
* MasterCard provides each issuing bank with a list of only their card accounts that were exposed; again this is an aggregate list of card accounts not specific merchant transactions
* The issuer then makes a decision, based on the risk presented, what actions they will take; sometimes that means the issuer will replace card accounts
I provide this explanation so you realize that MasterCard cannot provide the specific and infractional information cardholders request. We simply do not have this data, nor does the issuer. We do take each card breach occurrence very seriously and work closely with investigative agencies. Additionally, MasterCard has stiffened penalties to Processors to help ensure each of these companies protects cardholder data with extreme care and diligence.
Subscribe to:
Post Comments (Atom)
Posts
I tried posting this earlier, let's hope it goes through this time.
ReplyDeleteIt seems like they gave you a decent answer. I'm torn between "they gave you more than they needed to" and "it's your privacy, they better let you know what's going on." But overall they seemed civil.
I wonder how many Processor companies there are. Are there only a few that most merchants end up using or are there so many that knowing the Processor wouldn't help. You'd think MasterCard would be able to tell you the name of the Processor. Maybe from there you could find the merchant.
It seems like part of their answer might be telling me that the processor was the one who blew it. If that is the case, then it is no one I shopped with, but someone who just runs the numbers. If its true, then I feel like it is even more on MC to make good, since it wasn't like I dealt with some super shady company that released my info. It was just a poor choice for MC to use an unreliable processor.
ReplyDelete"Merchants use a processing company, or what MasterCard calls an Acquiring Bank, to consolidate all of their MasterCard, Visa, American Express and Discover transactions"
ReplyDeleteI think that means that the individual stores pick who their processor is. There are probably reasons why a store picks a certain one. Maybe cost vs security is one of them. I wonder if the stores are made aware when the processor messes up, regardless of whether it was a customer of theirs that was affected (since this info is apparently impossible to find out).
And if this is the case, maybe that means that smaller establishments will have greater risks in charging since they'll use cheaper processors. If so, I think you should use cash when buying that $3 pack of Silly Bandz from the local gas station.