Financial Security: Priceless

The recent security breach at MasterCard should serve as a technology wakeup call to the rest of the financial services industry about the use of third-party suppliers, according to an IT research firm.

While major financial services players often make security a priority, this is not necessarily the case with contractors that handle much of their work, according to Info-Tech Research Group (see Info-Tech: Card Breach Law Limits).

I think they need to look at their [suppliers’] infrastructure [and ask] are they using encryption at all levels and certifying employees that get access to the data,” says Carmi Levy, senior research analyst at Info-Tech.

The problems at MasterCard’s partner, CardSystems Solutions Inc., are just the latest in a string of high-profile IT security breaches. Others include headline-hitting data privacy breaks involving ChoicePoint and LexisNexis (see Don't Be a Data Privacy Dunce and CardSystems Responds to Security Incident).

One element of these woes emanates from regulatory loopholes. Much of the broader financial services sector is not subject to the same stringent security regulations, as say, the banking industry. As a result, financial services firms, particularly credit card companies, need to toughen up their act when it comes to dealing with their third-party suppliers.