Friday, September 25, 2009

Debit Or Credit? Neither

I stopped using my debit card altogether a couple of years ago out of an intense fear that I would never recoup the losses if my card was skimmed in the grocery-store line or compromised at TJ Maxx.

Now I casually slide my checkbook onto the card reader stand and perform that rare act of putting pen to paper while trying to avoid the annoyed stares of shoppers behind me in line who may lose a few seconds off their shopping time because I didn't use plastic.

But my check apparently isn't any safer. The Ponemon-Imperva study on PCI compliance report released this week found that 55 percent of retailers and organizations who take credit cards don't bother securing their customers' Social Security numbers, driver's license numbers, and bank account details. And 79 percent of retailers surveyed had suffered at least one data breach.

Those aren't great odds.

Sure, even if you swipe your credit card at a retailer that's PCI-compliant, there's no guarantee your credit card won't get breached anyway. But more worrisome is the attitude of many of the retailers in the survey: most look at PCI as more of a "check-box" item than part of a strategic security initiative. If they're playing to the auditors, who's really minding the store and its customer data?

Then there are the opportunistic retailers. These companies are using PCI to parlay some other IT security purchases that they may not previously have had the funds for: "There's almost a dark side to this: they're putting things in the PCI basket that are really not PCI-critical and leveraging PCI for other security projects," says Brian Contos, chief security strategist at Imperva.

Dark Reading


  1. The only thing they understand in this country is a class action lawsuit. Customers have to start suing retailers who have data breaches for not properly securing personal information. After a few class actions the industry will move toward a more secure model.

    Also, I don't understand why there are so many companies still asking for Social Security numbers.

  2. Crazy, isn't it? Fortunately retailers are now being held responsible for their negligence. The ones who don't keep up with the changes will be stuck with some heavy fines that will likely put many small fries out of business.