Yet another high-profile data breach hitting the headlines this week emphasises the absolute necessity for organisations to protect customer data...
As it transpires, TalkTalk did not store customer card data. However, over the four days it took them to confirm whether card data was breached or not, the damage to their brand, reputation and share price could be irreversible. This stresses the fact that card data theft is a very real security issue and one that can destroy businesses.
Even the mere hint that card data could have been at risk reduced their share price by 40%. This has mostly recovered, but the reaction from shareholders and consumers was immediate and the negative impact on their brand reputation will no doubt be significant. The fallout will linger well past the headline news stage for months to come as they deal with fines and legal costs and restore customer confidence with unplanned resources.
The question is, with so much at stake, why do companies insist on storing customer data on their systems? Do they really need to hold bank details, card details, social security numbers and other confidential information?
The technology is also available right now to keep this type of sensitive information completely out of their organisational environments. But time and again at Eckoh, we come across businesses that would rather take the risk of being hacked than make the investment to protect their customers' data - "We'll deal with it, if and when it happens!". But with the sophistication and complexity of hacking increasing every day, a data breach could happen sooner than they anticipate, and cost more than they bargained for.
Many of our clients are turning to tokenisation solutions to keep personal customer data out of their organisations altogether. As they see it, they just want to get rid of sensitive card data as they don't need it and don't want it. They can still keep transacting as they always have done, but do not need to keep anything that may attract hackers.
This TalkTalk breach has no doubt given merchants in all sectors another wake-up call to reassess their own processes. The reality is that in the next number of years... NO business will hold unencrypted data, but until then the companies that do are playing Russian roulette.