Consumer data may be more vulnerable offline than online, expert says

Confidential customer information held by brick-and-mortar merchants may be more vulnerable to fraud than data held by Internet merchants, says Debra Rossi, executive vice president of merchant payment solutions at Wells Fargo. When online shopping first began, there were fears that criminals would be able to steal unencrypted data out of the firewall of an online retailer, Rossi says.

Instead, restaurants, stores and other merchants are proving to be easy targets. “About eight months ago, somebody walked out of one of those sports clubs with a box with all the Social Security numbers and credit card numbers,” Rossi says. “This is proprietary data. You must keep it in a secure place. If it’s online, it must be secure. If it’s offline it must be secure.”

Rossi says that Wells Fargo’s 40,000 online merchants are fully compliant with Visa’s Cardholder Information Security Program and that it is now working with its offline merchants to secure confidential cardholder information. CISP outlines Visa’s requirements for protecting online retailers’ consumer databases.