“We live in an age of cyberthreats, causing companies to implement tighter regulations to ensure that their customers’ vital data is safe and secure.
Last week, Kathmandu reported that the credit card details of their customers may have been stolen by an unidentified third party for over a month; this raises an alarming problem. Following similar breaches like those at British Airways and Ticketmaster last year, it was really only a matter of time before we saw similar breaches here in Australia.
Moreover, this reinforces the fact that merchant organisations should not retain or store card holder data, and in fact doing this can place their entire business at risk, as proven by these recent breaches. While Kathmandu haven’t yet revealed the technical details of the breach, it has been suggested that they were the victims of ‘formjacking’, where criminals can obtain not just credit card numbers and expiry dates, but also the CVV numbers, which are not permitted to be stored by merchants or payment gateways.
Australian credit card handling practices regularly fall short of PCI compliance and we need to make a strong effort to ensure that we comply with PCI best practice – the PCI Data Security Standard (DSS), and implement the right policies, practices and technologies across all customer touchpoints. This will enable customers to conduct transactions in-person, online and over the phone safely without putting businesses’ reputations and trust at risk.
On this note, in the last few weeks alone we have seen the reputational and financial fallout that can occur, following the news that property valuation firm LandMark White experienced a data breach which revealed loan details of over 100,000 customers and was reported to have resulted in board resignations and the departure of the CEO, Chris Coonan.
It’s also worth noting that it is not only large enterprises that can be targeted, as many SMBs also fall victim to data breaches and the fallout from this can be just as devastating to their business. This is why all organisations, regardless of size, need to ensure that they reduce their exposure to the potential risk of storing payment information, regardless of whether it is collected online or over the phone.
Dual Tone Multi Frequency (DTMF) masking technology, which allows buyers to enter their payment details while they are on the phone with the merchant, is more robust and secure than online payment systems. This way companies can be assured that they will be able to retain their customers’ trust.”
Charles has over 30 years of experience in the Information Technology sector, including 15 years in IT security. Leading Natterbox Cloud Voice provider in Asia Pacific Operations, he is at the forefront of knowledge on the effects of the Internet on modern workplace practices, with expertise cited in Australia and internationally.