Data breaches are in the news in full force so far in 2014.
First there was the colossal Target security breach that compromised over 100 million customer accounts and may yet impact hundreds of thousands of Canadian consumers. Now Merrillville, Ind. White Lodging services Crop. reports its point of sales systems used at hotel chains such as Marriott, Holiday Inn, Westin, Renaissance, and Radisson have suffered a suspected data breach. The data may have included customer names, credit card or debit card numbers, security codes and expiration dates. Fourteen hotel locations in the U.S. are affected.
In the wake of these breaches, the US banking and retail sectors are waging vocal fights to assign blame and pin responsibility on one another.
But what if there was a better way? We hear a lot about chip-and-pin (EMV cards) and the advantages of Canadian retailers vis-a-vis security, but is it really superior? As it turns out, yes, it’s useful and effective, but only in the presence of other layers of control. So let me take a crack at a simple list that would serve to provide Canadian retailers with an effective way to protect cardholder data. As such they need to:
1. Comply with Canadian privacy law.
2. Adhere to the PCI-DSS 3.0 standard.
3. Adopt EMV payment systems.
4. Employ intrusion detection technologies.
5. Conduct employee background checks.
6. Deploy physical security measures.
Although few Canadian retailers will confess to it, they’re scared because that’s the kind of publicity they don’t need. I don’t believe they have a false sense of security. I believe they are experiencing uncertainty in their ability to protect payment cards, and as such they have to make a decision: to invest in data protection, or not.