'The sad truth is that the card companies could easily contain the potential damage by shutting down the affected accounts and issuing new cards,' she said.
Usually, that means the criminal with the stolen data can complete at least one or two purchases before the card is canceled, and that puts merchants at risk. It was not immediately clear what steps issuing banks were taking in response to the news.īut Avivah Litan, a security analyst with Gartner Inc., said most banks won't reissue cards until there's evidence of active fraud.
Typically, credit card-issuing banks decide whether to cancel and reissue credit cards connected to security breaches.
