November 28th, 2006 by Jamie Estep
Where do data losses actually occur?
Most businesses that accept credit cards online have become more aware of Payment Card Industry (PCI) security regulations like CISP and SDP. What I find interesting is how little data loss actually occurs at online businesses.
Roughly 65% of all data security breaches occur at restaurants; the next largest group, retail stores, accounts for about 12%; and the remaining percentage is split between every other type of business out there, including online. The simple truth is that with all the scrutiny over online businesses, card companies have failed to see the actual problem. It is at retail businesses that employees and even customers often have direct access to sensitive data. Compromising the data of an online business, even one with poor security, would require someone very knowledgeable in networking and computers. Any average Joe could obtain a credit card skimmer and use it at the restaurant where they work.
The conclusion is that somewhere along the line, card companies ignored where data breaches actually occur and just decided to target all online businesses. Now everyone has to jump through hoops, when for many there is absolutely no risk of a security breach because the information just isn’t there to steal.
Security is extremely important for all businesses, and protecting cardholders’ information is every business’s responsibility. Don’t store sensitive data if you don’t have to, and if you do, make absolutely sure you know how to encrypt and store it properly.
Also, if you use any custom-made POS software system, you may want to check with the programmer that the system is not storing track data. If it is and you get caught, you can get a fine of up to $100,000 per month until it is fixed. That is just a fine for storing the track data, not for an actual data breach, which could be significantly higher.