December 06, 2007 — CIO —
Who would question the assumption that retailers should protect their customers' credit card data? The retailers. As businesses that accept credit cards have embarked on the costly trek toward Payment Card Industry (PCI) compliance, some members of the National Retail Federation (NRF), an industry trade association, are wondering why this security effort has fallen into their laps.
Last October, David Hogan, CIO of the NRF, challenged the basic assumption behind PCI's new Data Security Standard (DSS)—that retailers need to keep credit card data at all. In a letter to the PCI Security Standards Council General Manager Bob Russo, Hogan suggested that if credit card companies didn't force merchants to store this information in the first place, then merchants wouldn't have to invest "hundreds of millions of dollars annually" and "jump through extraordinary hoops" to protect it.
Instead of keeping "reams of data," Hogan writes, retailers could store just the authorization code given at the time of sale, along with part of the receipt: data no thief could possibly want or use. With no credit card data to steal, hackers would look elsewhere. As for merchants, they would still retain enough evidence of a valid transaction to serve their customers, for example when processing returns.
And to what targets would hackers have to aim, with no credit card info in the stores? To "credit card companies and their member banks," Hogan writes, who could secure their caches of data "in whatever manner they wished." In other words, it's their data—let them take the responsibility for it.
In a statement, the PCI Security Standards Council said that the request needs to be taken up with the card companies themselves, though the Council said it would respond after reviewing the letter.
© 2008 CXO Media Inc.