Friday, September 25, 2009
Debit Or Credit? Neither
Now I casually slide my checkbook onto the card reader stand and perform that rare act of putting pen to paper while trying to avoid the annoyed stares of shoppers behind me in line who may lose a few seconds off their shopping time because I didn't use plastic.
But my check apparently isn't any safer. The Ponemon-Imperva study on PCI compliance released this week found that 55 percent of retailers and organizations that take credit cards don't bother securing their customers' Social Security numbers, driver's license numbers, and bank account details. And 79 percent of retailers surveyed had suffered at least one data breach.
Those aren't great odds.
Sure, even if you swipe your credit card at a retailer that's PCI-compliant, there's no guarantee your credit card won't get breached anyway. But more worrisome is the attitude of many of the retailers in the survey: most look at PCI as more of a "check-box" item than part of a strategic security initiative. If they're playing to the auditors, who's really minding the store and its customer data?
Then there are the opportunistic retailers. These companies are using PCI to parlay some other IT security purchases that they may not previously have had the funds for: "There's almost a dark side to this: they're putting things in the PCI basket that are really not PCI-critical and leveraging PCI for other security projects," says Brian Contos, chief security strategist at Imperva.