A recent survey of over 500 US and other MNCs has revealed that they are
still struggling with consumer data security, possibly because that is not a top
priority for them. It is both surprising and saddening that in the land where
security is a national paranoia and said to be above everything else,
organizations have not been able to come to grips with it. We must not forget
that the US is also the country where there have been data security standards in
place for a few years now.

Conducted by the Ponemon Institute in the US, this survey threw up some very
interesting yet alarming results. More than 70% of the companies surveyed agreed that
consumer data security is not a top strategic initiative. Over 55% of the companies
accepted that they secure only the consumer's crucial credit card data and not
other information such as social security, driver's license, and bank account details, or
other details about consumers and their families. The difference between large
and small companies was stark according to the survey. Only 28% of smaller
companies actually comply with PCI as opposed to 70% of larger companies.

The PCI-DSS (Payment Card Industry Data Security Standard) is a guideline
for protecting consumer data, meant for all businesses that handle credit card
information, and has been in place since June 2005. The research report also states
that despite PCI-DSS being there for some time now, data breach and credit card
fraud cases have only been going up, except for those places where businesses
have taken it up at a strategic level.

The survey recommends some practical initiatives that can go a long way in
enhancing security for the consumer as well as the company the consumer deals with.
For instance, there can be a company's security compliance logo for consumers so
that consumers' general awareness about security goes up, and they also know
about the security compliance status of the retailers they do business with. There is
also the need for a company champion who owns and drives security in the company, and is
strongly empowered to direct numerous teams for support. Surely companies should
ultimately be able to leverage their investment in security compliance. It is
very easy to pass the blame on businesses, but another interesting finding of
the survey is that only 23% of the respondents believed that PCI-DSS compliance
is positively contributing to their organization's security. Surely a lot of
work in terms of creating awareness and working out the right solutions is
required to be done by vendors, before they can accuse businesses of being
complacent.

This survey might be a reflection of the state of affairs in the US, but I
believe that it will have great relevance for a country like India, where the
role of IT in retail is going up significantly. The use of all sorts of smart
cards including credit and debit cards is on the rise here, and unless Indian
businesses gear up for security challenges, we will see big disasters happening.

Ibrahim Ahmad
ibrahima@cybermedia.co.in