If you read the NY Times today you probably saw this story: 11 Charged in Theft of 41 Million Card Numbers.
And if you shop at major retail chains like OfficeMax, Barnes & Noble, and BJ’s Wholesale Club you could be one of those affected.
Interestingly, the fraud ring is connected to the TJ Maxx breach announced in early 2007. And after reading the article and seeing the sophisticated schemes the fraudsters have – it is clear to me that retailers and ecommerce businesses need to really step it up in their data protection and network security both online and in their bricks and mortar stores.
Just as importantly, ecommerce businesses need to focus on building consumer confidence. Consumers want to feel safe and know that their identity and data is protected before choosing to spend their money. Here is a short list of some ways to do this:
- Don’t ask for more information than you need from consumers and eliminate using, capturing or storing full SSNs
- Keep a minimal amount of consumer data for the shortest period of time possible
- Take compliance initiatives seriously — don’t take shortcuts by meeting the minimum requirements, go the extra mile to protect consumers
- Use solutions that validate identities to protect your customers