Why We Need The PCI Security Standard

Last week's disclosure by TJ Maxx that hackers had stolen details of a staggering 45.7 million customer payment cards highlights several important points.

Firstly, retailers need to get their security act together. Sensitive customer data must be encrypted at all times and processed on secure platforms with effective intrusion prevention. Good key management is especially important. E-business has transformed the retail sector, making security a major business requirement. But far too many retailers are laggards rather than leaders in this area.

Secondly, customers should be warned promptly about potential breaches if confidence is to be maintained. Despite all the complaints, California law SB 1386 is proving to be both necessary and helpful for ensuring organizations come clean about security breaches.

Thirdly, the Payment Card Industry (PCI) Security Standard may have its faults but it's clearly necessary to ensure merchants and merchant acquirers raise their security game. PCI Security might be a little too broad in scope, over-prescriptive and expensive to implement. But we clearly need it.

About

This page contains a single entry from the blog posted on April 2, 2007 9:37 AM.
