As consumers continue to shy away from the mall and gravitate toward online shopping options, it is clear that online merchants need to do whatever they can to ensure consumer information stored on their systems is adequately protected.
According to a recent comScore report, retail eCommerce spending reached $38 billion in the first quarter of 2011, growing 12 percent from a year ago. This marks the sixth consecutive quarter that year-over-year online spending has increased, and reflects a growing trend in consumer shopping habits.
However, at the same time, many online retailers are not taking the necessary steps to protect their customers. This is unacceptable, as a savvy cyber criminal could potentially breach a merchant’s database and steal a wealth of credit card and other personal information.
Several organizations have established standards and incentives to encourage businesses to take care of customer information. The Payment Card Industry Security Standards Council, for example, recently issued an updated version of its PCI Data Security Standard, which details a number of best practices for businesses that collect and handle consumer information.
While the PCI Council itself does not punish companies for failing to comply with the PCI DSS, credit card companies and other industry players can impose fines and sanctions on businesses that don’t employ effective data protection practices.
Furthermore, companies that do comply with the PCI DSS tend to suffer fewer data breaches than those that don’t. According to a recent study by Imperva and the Ponemon Institute, 64 percent of businesses that are compliant with the PCI DSS have not experienced a data breach in the past two years, while only 38 percent of non-compliant companies can say the same.
There are several steps a business can take to improve data security practices. For example, many businesses have found that deploying cloud-based security software relieves some of the pressure associated with protecting user information by shifting some of the responsibility to the cloud vendor, which often has more resources to protect against cyber security threats.
Security News from SimplySecurity.com