Retailers that don’t encrypt confidential customer information risk database breach
Online retailers put themselves at risk for a database breach if they hold unencrypted confidential customer information on their disk drives, says Scott Sweren, National Practice Manager for Fortrex Technologies Inc., a data security company.
“A lot of companies aren’t appropriately encrypting that data,” he says, adding that retailers shouldn’t be storing confidential data-such as credit card account numbers-related to a purchase once the sale is completed. “The longer you hang on to it, generally the more data you accumulate, and the more information you put at risk.”
Online merchants also may not realize they’ve had a security breach until they’re notified by their merchant bank, Sweren says.
“It’s not like traditional physical crime where you know something is stolen because when you go to look for it, it’s missing,” he says. “With cybercrime, people can steal exact duplicates or replicas of the information and not disturb original.”