We've all heard it over and over again: protect your personal information because identity theft is one of the most pervasive crimes in the current online and digital environment. A criminal can do a lot with your personal information, including destroying your credit history and your credibility. Is it any wonder, then, that consumers are becoming more and more wary about giving out their sensitive information?

But, I hear you saying, surely the big companies can be trusted. Surely the big, national chains have their priorities set on information security.

This seems a valid assumption, until something like the TJX incident happens. Beginning sometime around July of 2005, some hackers spent nearly 18 months taking advantage of weaknesses in the company's wireless network security. Recent company estimates say that the breaches cost the company in excess of 118 million dollars. Other outside sources have placed the estimates in the range of 1.35 billion dollars when you throw in all the other fines, legal fees, and extra costs.

Lack of information security clearly hurts both customer and merchant. A security breach isn't good for anyone. However, plain old theft is just the beginning of the problems.

Right now, the trust and belief that companies are dedicated to providing information security is the only thing that keeps digital commerce running. But what happens when enough stories about security problems come to the forefront of public knowledge? How much trust did TJX lose over their incident? What would happen if other huge online stores suffered such a breach? How long would it take to rebuild that trust? Will consumers ever believe that you have a priority on information security and trust you with their sensitive information again?

Believe it or not, information security is for the greater good.

And that could very likely be the reason why some companies have problems with implementing proper security. Companies are not used to dealing with the greater good. On any given day a business can have countless immediate problems that demand its attention. The basic mechanics of buying and selling alone are enough to keep a company overly busy. When are they supposed to make time for the "greater good"?

And even if they are only thinking of their own company, it is still sometimes difficult to prioritize information security on the basis of a possible breach. There always seems to be too much to do in the here-and-now to worry about possibilities.

For that reason the major credit card companies came together and developed the PCI DSS (or Payment Card Industry Data Security Standard). PCI compliance is now mandated by the Payment Card Industry so that companies will start to realize how important information security is, and how they can benefit by implementing security measures sooner rather than later.

Any company that transmits, processes, or stores sensitive credit card information is required to be PCI compliant. And to help encourage companies to work toward compliance, the PCI Security Standards Council has provided a number of incentives. These can come in the form of punishments or privileges, depending on how quick you are to become compliant.

The punishments can be harsh, but sometimes that's the only way to emphasize the importance of information security. If a merchant is not PCI compliant when they suffer a security breach, they could be subject to fines from $90 to $305 per breached record.

The TJX incident resulted in nearly 100 million lost credit card numbers. It doesn't require a lot of mathematical knowhow to realize the implications here.

PCI compliance means that you have taken all the required steps to ensure information security. If you should still happen to suffer a breach, you can expect protection from those fines in the form of something they call a Safe Harbor.

Information security is absolutely essential as we delve deeper and deeper into the digital age, and a merchant has a couple of choices. One, start implementing strong security now and start experiencing the benefits of a secure site and a trusting consumer base. Two, wait until later, and risk acquiring a reputation that no business should want, and only a few can survive.