Retailers on Deadline to Secure Data
By George Anderson
Businesses that accept credit card payments need to secure customers’ personal information from identity thieves by June 30 or face fines as well as the potential for legal liability for their failure, reports The Wall Street Journal.
Retailers are responding to a deadline set by a consortium of credit-card associations representing Visa, Mastercard and others that have issued a set of computer security standards covering all aspects of the card-processing system. This, reports the Journal, includes “databases, e-mail services, wireless access points, Web applications and firewalls that restrict outsiders’ access to internal networks.”
According to the card companies, most retailers have passed audits demonstrating that consumer information is secure but Chris Noell, vice president of Solutionary Inc., which audits retailers’ systems said mistakes are being made as companies scramble to meet the deadline.
In a lot of cases we find some pretty severe issues,” he said. “Everybody’s in a rush to get a clean report they can turn into Visa.”
The urgency of compliance has been made even apparent by the latest report that a still yet-to-be-determined number of consumer records were stolen from Polo Ralph Lauren. This follows similar cases of database theft from DSW Shoe Warehouse, Lexis-Nexis and ChoicePoint Inc.
Moderator’s Comment: What is the state of data security in the retail industry? How do marketers define where the line is between having enough personal
data to better serve customers without exposing them to additional risk?
The WSJ story told of one company’s experience. 3Delta was storing the three-digit “cardholder verification value” on the back of cards so that clients
would not have to enter it with every transaction.
Under the new standards, retailers cannot store this data. Aaron Bills, 3Delta’s vice president of products and business development, said the company asked
Visa for an exemption and were told, “Thanks. We understand your logic. It doesn’t matter. Get rid of it.”
The data was removed in 24 hours said Mr. Bills. –
George Anderson – Moderator
- Retailers Rush To Secure Data Against Theft – The Wall
Street Journal (sub. required)