Living with credit, Protecting yourself, Research, regulation, industry reports

Hey, Mark Zuckerberg and Congress: Are you serious about protecting our credit card data?

John Egan
Facebook CEO Mark Zuckerberg

Facebook CEO Mark Zuckerberg and the members of Congress who quizzed him during two Capitol Hill hearings should be ashamed.

Zuckerberg’s bulleted talking points for the hearings – notes that a photojournalist was able to capture – included a reference to the fact that no credit card numbers or Social Security numbers were involved in the Cambridge Analytica scandal. (It recently was revealed that the private data of more than 87 million Facebook users was dubiously collected by Cambridge Analytica, a political research firm.)

Yet in appearances April 10 before two U.S. Senate committees and April 11 before a U.S. House committee, Zuckerberg did not mention the talking point about credit card and Social Security data.

Credit was mentioned just twice

Only two times during the two days of hearings did a lawmaker utter the word “credit.” And those two times came during the April 11 hearing:

  • U.S. Rep. Martha Blackburn, a Tennessee Republican, cited the Fair Credit Reporting Act in the broader context of privacy rights.
  • U.S. Rep. Michael Burgess, a Texas Republican, briefly touched on a bill sponsored by Blackburn, called the BROWSER Act, that he and other supporters say would protect online privacy. That protection, Burgess said, would include notifications about data breaches, including those involving credit cards.

That was the extent of any discussion about credit cards during the two hearings.

Credit cards are used on Facebook – to buy ads and to make in-game purchases, for example. I’ve made purchases through Facebook ads, using a credit or debit card. Businesses and organizations pay for Facebook ads with credit cards, and tons of those ads are posted every day.

Facebook's Payments Settings page

Facebook’s Payment Settings page lets Facebook users enter credit or debit card numbers.

A huge failure on the part of Facebook

If nothing else, the public needed to hear straight from Zuckerberg’s mouth that our credit card and Social Security data wasn’t jeopardized in the Cambridge Analytica mess. How much trouble would it have been to squeeze that tidbit into his testimony?

This, to me, was a huge failure on the part of both Zuckerberg and members of the committees who heard his testimony. After all, isn’t what these hearings were supposed to be about – the security of our personal information?

Or were the hearings merely a dog-and-pony show for the TV cameras? At these hearings, Facebook and Congress were able to seem like they care about our data and care about enacting more data protections.

But do they really care?

Sadly, neither Zuckerberg nor Congress took advantage of this two-day national platform to assure Americans that their credit card information and Social Security numbers weren’t part of the Cambridge Analytica debacle.

Credit cards are used for in-game purchases on Facebook.

Credit cards are used for in-game purchases on Facebook.

And, more importantly, Americans weren’t given any firm indication that the security of personal data like credit card numbers will be highlighted in the conversation going forward.

This oversight (or whatever you want to call it) serves to further erode any trust we have in companies like Facebook to safeguard our data and in legislative bodies to hold companies like Facebook accountable.

Stepped-up responsibility by players like Facebook and Congress is critical at a time when every week seems to bring news of yet another data breach. And many of these breaches do involve credit card data, Social Security numbers and other personal information.

Data breaches are now a part of everyday life

Consumers have every reason to be concerned about their credit card information and other personal data. Actually, make that 2.6 billion reasons.

Around the world last year, 2.6 billion records were stolen, lost or exposed, according to a new report from digital security company Gemalto. That number was up 88 percent compared with 2016.

If that weren’t bad enough, consider this: The Gemalto report found that identity theft – affecting information like credit card data and Social Security numbers – remains the No. 1 type of data breach. In 2017, identity theft accounted for 69 percent of data breaches worldwide.

In light of those numbers, it’s no wonder that our confidence in the supposed security of our data is slipping.

Facebook CEO says he’s sorry. Now what?

Based on what we saw and heard during the Mark Zuckerberg theatrics in our nation’s capital, Facebook and Congress are doing little to boost that confidence.

Yes, Facebook, we know you’re sorry. Yes, Congress, we know you’re annoyed. Yes, we’ve heard your promises.

But how much good is all of that really going to do? I, for one, am not convinced that something substantial will be undertaken to curb the explosion of data breaches involving credit card numbers and other personal information.

Discussing the issue of credit card and Social Security data during the Capitol Hill hearings would have given me a tad more hope that Facebook and Congress are dead serious about shielding us from data breaches. But, alas, Mark Zuckerberg and members of Congress let me down.

See related: Orbitz, AmEx Travel and the new normal of data breaches, Data breach protection: 10 tips

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.