Following several high-profile incidents of data theft, retailers are under increased pressure to clean up their computer security act.
Leading the effort are MasterCard International and Visa USA, which are giving major retailers until June 30 to comply with a new set of computer security standards aimed at protecting consumer data. Retailers that don't comply with the Payment Card Industry, or PCI, data security standard may face penalties, including fines.
Credit card companies have been urging retailers to tighten data security for some time, but recent reports of credit card information theft at Polo Ralph Lauren and shoe retailer DSW have heightened the stakes for merchants both online and off.
"The interesting thing about all of this is that the online environment and the physical-world environment are colliding," said John Verdeschi, vice president of e-business and emerging technology at MasterCard. "There is an interest now in securing all channels because in the electronic age, data is traversing networks in different ways."
In other words, Amazon.com and eBay aren't the only sort of merchants that need to worry about virtual intruders. Shops with storefronts at the mall and on Main Street are at increasing risk of computer attacks, too, as data thieves become more sophisticated and networks grow more complex. Retailers are contributing to the problem by collecting ever more massive stores of consumer data and sharing it with business partners.
The PCI security standard, which was developed by MasterCard and Visa, aims to reduce the risk of an attack by mandating the proper use of firewalls, message encryption, computer access controls and antivirus software. It also requires frequent security audits and network monitoring, and forbids the use of default passwords. The trickiest part will be getting all the parties in the payment processing chain, including retailers, banks and third-party transaction processors, to adopt the standards.
Read this full article at CNET News
Powered by AkoComment! |
