Thursday 18 January 2007, 7:04 PM
Building security to the Maxx
Today I've been on the T.K.Maxx story, another case of a large retailer falling victim to credit card theft. In case you missed it, the cut-price clothes chain's parent company, TJX, has yielded to a hacker, who has run off with its customers' credit card numbers.
Now I'm not implying that cut-price retailers have cut-price security, but I guess targets with lesser IT budgets would tend to be easier to steal information from. To its credit TJX moved quickly to bring in the security experts to shore up its defences.
But the case does highlight some interesting questions about how customers' financial data should be stored. Should the retailer hold on to the information? What should they hold on to? How long should they hold on to it for?
Interestingly, there seem to be standards on the way which will help to clarify some of the answers to these questions. Visa, Mastercard and American Express, among others, have set up the Payment Card Industry Security Standards Council, which has developed the PCI Data Security Standard, containing some pretty well-defined security practices for organisations that hold credit card information.
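The questions of what to hold on to and for how long have a concrete answer in code. The example below is added here and is not from the original post or from the PCI council: it keeps only a keyed token and the last four digits of a card number, refuses to accept sensitive authentication data such as the CVV2 at all, and purges records on a fixed retention clock. The key, the retention period and the sample transactions are constructed for the example.

```python
"""Added example (not part of the original post): minimise and expire stored
card data. Only a keyed token and the last four digits are ever written."""
from dataclasses import dataclass
from datetime import date, timedelta
import hashlib
import hmac

# Constructed key for the example; a real deployment keeps this in an HSM or KMS.
TOKEN_KEY = b"example-only-key-not-for-production"


def normalise_pan(pan: str) -> str:
    """Strip spaces/dashes and sanity-check the length (PANs are 12 to 19 digits)."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 12 <= len(digits) <= 19:
        raise ValueError("PAN length out of range")
    return digits


def mask_pan(pan: str) -> str:
    """Keep only the last four digits, the usual display form on receipts."""
    digits = normalise_pan(pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def tokenise_pan(pan: str, key: bytes = TOKEN_KEY) -> str:
    """Keyed hash so the same card links across transactions without storing the PAN.
    An unkeyed hash would not do: the PAN space is small enough to brute-force."""
    return hmac.new(key, normalise_pan(pan).encode(), hashlib.sha256).hexdigest()


@dataclass
class TransactionRecord:
    token: str          # HMAC of the PAN, not the PAN itself
    last4: str          # enough for customer service to confirm "the card ending 1111"
    amount_pence: int
    captured_on: date   # drives the retention purge


class CardholderDataStore:
    """Toy store standing in for a retailer's transaction database (assumption)."""

    def __init__(self, retention_days: int):
        self.retention = timedelta(days=retention_days)
        self.records: list[TransactionRecord] = []

    def record(self, pan: str, amount_pence: int, captured_on: date,
               **sensitive) -> TransactionRecord:
        # CVV2, PIN blocks and magnetic-stripe data must never be written after
        # authorisation, so the store has no field for them and rejects any attempt.
        if sensitive:
            raise ValueError(
                f"refusing to store sensitive authentication data: {sorted(sensitive)}")
        rec = TransactionRecord(tokenise_pan(pan), mask_pan(pan)[-4:],
                                amount_pence, captured_on)
        self.records.append(rec)
        return rec

    def purge(self, today: date) -> int:
        """Drop everything older than the retention window; returns how many went."""
        cutoff = today - self.retention
        before = len(self.records)
        self.records = [r for r in self.records if r.captured_on >= cutoff]
        return before - len(self.records)

    def history_for(self, pan: str) -> list[TransactionRecord]:
        """Look up a customer's transactions from the card they present, via the token."""
        tok = tokenise_pan(pan)
        return [r for r in self.records if r.token == tok]


if __name__ == "__main__":
    # Constructed sample: one old and one recent purchase on the same test card.
    store = CardholderDataStore(retention_days=90)
    store.record("4111 1111 1111 1111", 1999, date(2007, 1, 1))
    store.record("4111 1111 1111 1111", 500, date(2006, 9, 1))
    print("records before purge:", len(store.history_for("4111111111111111")))
    print("purged:", store.purge(date(2007, 1, 18)))
    print("records after purge:", len(store.history_for("4111111111111111")))
```

The point of the `**sensitive` trap is that the safest field is one that does not exist: a schema with no column for the CVV2 cannot leak it in a breach. The retention period is a business decision (chargeback windows, for instance), but whatever value is chosen, the purge has to actually run.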
I don't think for one moment that we'd see an end to credit card data theft even if every retailer adopted best-practice security, but surely it would be a very positive step in the right direction.