PCI DSS Compliance

Tesco, Target, eBay, Office – all major retailers with a significant online presence, always seeking to understand what their customers want to buy, how they want to buy it, and what would make them buy more. The delivered retail experience and an intimate understanding of consumer psychology are where the retail battles are fought in 2014.

However, the latest eCustomerServiceIndex (eCSI)* survey from IMRG and eDigitalResearch revealed that more than half of the online shoppers surveyed asked for – not more loyalty cards, coupon schemes or just bigger discounts – but better online security.

Of course, all of the retailers mentioned above also have something else in common in that they have all recently been subject to security breaches involving customer payment cards or personal information.

The conclusion drawn from the findings by eDigitalResearch is as follows:

“Onus is very much on retailers to invest in and improve their security measures for their online customers – over two thirds (67%) expect organizations to contact them immediately (within 6 hours) by email or phone if security had been breached and it leads to a potential loss of data”

In other words, customers don’t just expect to be better protected; they are savvy enough to appreciate that breaches can still happen even with appropriate security best practices in place, and they want contingency plans that allow them to be notified within the same business day should a breach occur.

It speaks of a very realistic view of cyber security, one that is embodied not only by the PCI DSS (which online retailers should be operating under in order to meet agreements with their banks and the payment card brands) but by all other security best practice frameworks.

These principles should be mirrored within non-stop security management solutions, which help organizations ‘harden’ their IT systems, rendering them less prone to attack by removing all known vulnerabilities, and which in addition put intrusion detection functionality in place as a contingency.

That way, if a system is breached despite all defenses being enabled, the retailer knows that an attack has succeeded and can take further action to prevent the damage from being any greater than it needs to be.

Consider that the breach at Target was only acted on after it had been operational for two and a half weeks; during that period, over 40 million payment card details were stolen and 70 million customers had their personally identifiable information compromised. That is why the speed of detection is essential. Had the 6-hour detection and notification deadline expected by customers been met in this case, the damage would have been minimal rather than catastrophic, as it has been.

Retailers would do well to listen to customers’ expectations and pay heed to the lessons learned by their peers. The growing consumer awareness of online security will ultimately expose those organizations that fail to take online security seriously to significant repercussions of brand damage.

*eDigitalResearch’s and IMRG’s eCustomerServiceIndex

Copyright 2017, New Net Technologies LLC. All rights reserved. 