The news surrounding Target keeps rolling in (and getting worse) but you can take steps to make sure your customers private information isn’t up for grabs.
The Data Damage
Originally, Target reported the breach compromised payment data from 40 million shoppers between November 27 and mid-December. According to the New York Times, that number has jumped to a possible 110 million people, making this one of the most widespread breaches of retail data ever.
If that weren’t bad enough, the information leaked now includes not only credit card records, but also names, mailing and email addresses, and phone numbers, which makes these people even easier targets for identity theft.
It’s no surprise consumers are keeping their cards a little closer, but businesses can increase security standards to ensure their customers can shop safely.
Experts Say Target May Not Be PCI Compliant. Are You?
The first step is making sure your company follows card security standards. A new set of payment card industry standards, PCI DSS 3.0, went into effect recently, just a few weeks after the security breach.
Nick Aceto, technology director at CardConnect, told USA Today that, Target may not have even been PCI 2.0 compliant, a failure that could have made them more susceptible to security issues.
“Based on what Target has said, it's very hard to believe that they were even PCI 2.0 compliant at the time of the breach,” says Aceto. “A reason for thinking this is that the attack, involving an enormous amount of data, went on essentially unnoticed for 18 days. How were they not watching the network?”
PCI compliance requires daily monitoring of logs and firewalls, which should have prevented the breach from lasting nearly three weeks.
Stripe Can Secure Your Site
Customers aren’t taking this breakdown of security, and trust, lightly. Target is reporting a 2.5% decrease in sales, which could result in closing more stores beyond the 8 already scheduled to close.
How do you protect your company's eCommerce system from encountering a similar issue? You may want to stop handling your customer’s credit card information altogether. You can dramatically reduce the risk of security issues by using a service like Stripe or Paypal to process credit cards. These services handle the tricky security issues that come with storing credit card information, so you don’t have to.
Integrating Stripe into your existing site is easy and it automatically makes your customers payments more secure because none of their sensitive information is stored on your server. Plus, Stripe is certified PCI level 1, meaning it adheres to the strictest PCI standards.
It's available to businesses of all sizes in the US, Canada, UK and Ireland and accepts payments from around the world. So, no matter where your customers live, their sensitive data is protected.
And yes, it’s mobile friendly.
Customers are more likely to keep coming back to brands they trust, especially in the light of such a widespread breakdown of security like Target (and now Neiman Marcus as well). Whatever methods you use to become PCI 3.0 compliant, your customers will appreciate the confidence of knowing their information is safe.