We've all heard it over and over again: protect your personal information because identity theft is one of the most pervasive crimes in the current online and digital environment. A criminal can do a lot with your personal information, including destroying your credit history and your credibility.

Is it any wonder, then, that consumers are becoming more and more wary about giving out their sensitive information?

But, I hear you saying, surely the big companies can be trusted. Surely the big, national chains have their priorities set on information security.

This seems a valid assumption, until something like the TJX incident happens. Beginning sometime around July of 2005, some hackers spent nearly 18 months taking advantage of weaknesses in the company's wireless network security. Recent company estimates say that the breaches cost the company in excess of 118 million dollars. Other outside sources have placed the estimates in the range of 1.35 billion dollars when you throw in all the other fines, legal fees, and extra costs.

Lack of information security clearly hurts both customer and merchant. A security breach isn't good for anyone. However, plain old theft is just the beginning of the problems.

Right now, the trust and belief that companies are dedicated to providing information security is the only thing that keeps digital commerce running. But what happens when enough stories about security problems come to the forefront of public knowledge? How much trust did TJX lose over their incident? What would happen if other huge online stores suffered such a breach? How long would it take to rebuild that trust? Will consumers ever believe that you have a priority on information security and trust you with their sensitive information again?

Believe it or not, information security is for the greater good.

And that could very likely be the reason why some companies have problems with implementing proper security. Companies are not used to dealing with the greater good. On any given day a business can have countless, immediate problems that demand its attention. The basic mechanics of buying and selling alone are enough to keep a company overly busy. When are they supposed to make time for the "greater good"?

And even if they are only thinking of their own company, it is still sometimes difficult to prioritize information security on the basis of a possible breach. There always seems to be too much to do in the here-and-now to worry about possibilities.

For that reason the major credit card companies came together and developed the PCI DSS (or Payment Card Industry Data Security Standard). PCI compliance is now mandated by the Payment Card Industry so that companies will start to realize how important information security is, and how they can benefit by implementing security measures sooner rather than later.

Any company that transmits, processes, or stores sensitive credit card information is required to be PCI compliant. And to help encourage companies to work toward compliance, the PCI Security Standards Council has provided a number of incentives. These can come in the form of punishments or privileges, depending on how quick you are to become compliant.

The punishments can be harsh, but sometimes that's the only way to emphasize the importance of information security. If a merchant is not PCI compliant when they suffer a security breach, they could be subject to fines from $90 to $305 per breached record.

The TJX incident resulted in nearly 100 million lost credit card numbers. It doesn't require a lot of mathematical knowhow to realize the implications here.

PCI compliance means that you have taken all the required steps to ensure information security. If you should still happen to suffer a breach, though, you can expect protection from those fines in the form of something they call a Safe Harbor.

Information security is absolutely essential as we delve deeper and deeper into the digital age, and a merchant has a couple of choices. One, start implementing strong security now and start experiencing the benefits of a secure site and a trusting consumer base. Two, wait until later, and risk acquiring a reputation that no business should want, and only a few can survive.