Sunday, April 13, 2014

The Need for Tougher Data Protection Standards

The massive Target data breach in November 2013 shed new light on the world of information technology and how companies go about protecting their massive quantities of valuable data. The breach occurred despite the fact that the Payment Card Industry (PCI) Security Standards Council gave Target a passing grade on its data protection two months prior to the widespread theft. Major companies such as Hannaford Brothers, WorldPay, and Heartland Payment Systems were also hacked despite the fact that they were certified by the PCI regarding their credit card information protection. The reality is that tougher PCI standards may be required so that companies do not implement data protection systems that are not sufficiently capable of preventing data thefts.

The statistics in the article indicate that global card fraud increased by 15 percent from 2012 to 2013, and they also indicate that nearly half of all credit card fraud occurs in the United States. It just seems bizarre that this fraud continues to occur and bypass systems that receive certification from the PCI. Even though companies are passing the tests, the fraud counts continue to pile up in an era where data is just as valuable as ever.

One proposed solution for this matter would be to implement stricter standards for companies that will require them to strengthen their data protection before implementing it. Assuming that a PCI certification is necessary in order for data protection strategies to take effect, the certification should be made much more sophisticated and thorough in order to ensure that all credit card data faces as little theft risk as possible.

Although this parallel may seem extreme, it presents a fundamental dilemma similar to the one facing the world of information technology today. In the aftermath of the terrorist attacks on September 11, 2001, the United States implemented the world's strictest airport security measures in order to prevent travelers from ever facing the same danger that they faced prior to the attacks. Now that the world of information technology has seen one of its most significant attacks, it seems appropriate for the regulating body to put in place the strictest regulations to date. While threats will likely always exist, they are less likely to occur if the data is forced to meet the most demanding security requirements in order to ensure its protection.

It is unfortunate that the world of data security needs data breaches in order to bring the necessity of protecting information to light, but that is often how the world works, and the most important step in the process is that no significant attacks take place in the aftermath. The data that flows through stores such as Target is not only invaluable for the stores, but it is also invaluable for the consumers because it is their money and their information that is put at risk of being stolen. The implementation of stricter requirements from the PCI will be the next step in a series of steps that can help limit the spread of information and data theft throughout the United States.


Robertson, Jordan. "Why So Many Retail Stores Get Hacked for Credit Card Data." Bloomberg Business Week. Bloomberg, 20 Mar. 2014. Web. 14 Apr. 2014.

