AP: Weak Security Opens Door To Credit Card Hacks

LaMotte, who was unemployed at the time, says she had to borrow money from her mother and boyfriend to pay $500 in overdraft and late fees — which were eventually refunded — while the banks investigated.

"Maybe somebody who doesn't live paycheck to paycheck, it wouldn't matter to them too much, but for me it screwed me up in a major way," she said. LaMotte says she pays more by cash and check now.

It all happened at a supermarket chain that met the PCI standards. Someone installed malicious software on Hannaford's servers that snatched customer data while it was being sent to the banks for approval.

Since then, hackers plundered two companies that process payments and had PCI certification. Heartland Payment Systems lost card numbers, expiration dates and other data for potentially hundreds of millions of shoppers. RBS WorldPay Inc. got taken for more than 1 million Social Security numbers — a golden ticket to hackers that enables all kinds of fraud.

In the past, each credit card company had its own security rules, a system that was chaotic for stores.

In 2006, the big card brands — Visa, MasterCard, American Express, Discover and JCB International — formed the Payment Card Industry Security Standards Council and created uniform security rules for merchants.