Merchants have a long road ahead of them in securing the consumer transaction data they house in their databases, if a survey released this week is any indication. Fewer than half of retailers surveyed have a formal plan in place to handle database intrusions, and of those that do, only one-fourth have tested it, according to a preliminary analysis of the Retail Data Security Benchmarking Study, which was conducted by Retail Systems Alert Group and released at a conference on retail data security in Chicago sponsored by the company. At the same time, just 32% of those surveyed are encrypting consumer transaction data, a key requirement of the Payment Card Industry data-security standard (PCI). “We were surprised that not everyone was in tune with PCI,” said Brian Kilcourse, chief strategist for Retail Systems Alert Group, a publisher and conference organizer specializing in retail technology, during a presentation of the results. “We have a long way to go. I frankly thought we would have made more progress.” The findings come in the wake of well-publicized incidents in which hackers have been able to gain access to sensitive consumer transaction databases housed by retailers and payment processors. The largest such incident involved CardSystems Solutions Inc., a card-transaction processor for merchants. But other such data breaches were reported in recent months by BJ's Wholesale Club, DSW Shoe Warehouse, and Polo Ralph Lauren. In January, the major card networks introduced PCI as a single standard for securing card-transaction data. The survey included responses from 71 retailers and merchandisers, according to Retail Systems Alert Group, and was intended to collect information on the extent to which merchants are collecting and using consumer data, and how they are securing it.
Check Also
Holiday Shoppers Are Expected to Spend More This Year As the Season Gets Set To Kick Off
Consumers will spend a record $650 per person during Black Friday-Cyber Monday shopping events, a …