Latest Data Breach: Why do companies still risk storing customer data?

With yet another high profile data breach hitting the headlines this week, it emphasises the absolute necessity for organisations to protect customer data...

As it transpires, TalkTalk did not store customer card data. However, over the four days it took them to confirm whether card data was breached or not, the damage to their brand, reputation and share-price could be irreversible. This stresses the fact that card data theft is a very real security issue and one that can destroy businesses.

Even the mere hint that card data could have been at risk, reduced their share price by 40%. This has mostly recovered, but the reaction from shareholders and consumers was immediate and the negative impact on their brand reputation will no doubt be significant. The fallout will linger well passed the headline news stage for months to come as they appease fines, legal costs and restore customer confidence with unplanned resources.

The question is, with so much at stake, why do companies insist on storing customer data on their systems? Do they really need to hold bank details, card details, social security numbers and other confidential information?

The technology is also available right now to keep this type of sensitive information completely out of their organisational environments. But time and again at Eckoh, we come across businesses that would rather take the risk of being hacked, than make the investment to protect their customer's data - "We'll deal with it, if and when it happens!". But with the sophistication and complexity of hacking increasing every day, a data breach could happen sooner than they anticipate; and cost more than they bargained on.

Many of our clients are turning to tokenisation solutions to keep personal customer data out of their organisations altogether. As they see it, they just want to get rid of sensitive card data as they don't need it and don't want it. They can still keep transacting as they always have done, but do not need to keep anything that may attract hackers.

This TalkTalk breach has no doubt given merchants in all sectors another wake-up call to reassess their own processes. The reality is that in the next number of years...NO business will hold unencrypted data, but until then the companies that do, are playing Russian roulette.

Loading Conversation

Posted by eckoh at 12:18 PM on Nov 4, 2015


Recent Posts

Does it feel like it's panto season in your contact centre every day? If so,…


We've all watched on in horror ... as an out-of-control child creates havoc at a…


Are customers mysteriously falling out of love with your business — despite your…