June 20, 2011, 2:16 PM

IRCE 2011 Report: Be prepared for when hackers attack

Retailers can mitigate the effects of an attack with a defined rapid response.

E-retailers can’t afford to wait until they suffer a data breach to figure out how to deal with such an attack, Chris Pierson, chief privacy officer, senior vice president, Citizens Financial Group, said last week at the Internet Retailer Conference & Exhibition 2011 in San Diego. “Make sure you have the relationships in place to combat breach,” he said. “Don’t do it on day one of the breach.”

That means that a retailer has to know who will handle all the essential roles, such as who will speak to the media. Doing so can prevent delays in notifying the public, which is often the biggest gripe voiced by consumers affected by a breach, he said. Most of the state and federal laws regarding notification state that merchants should alert the public without undue delay.

“The biggest issue is usually consumers asking, ‘Why did you wait so long to let us know?’” he said. “It’s something every company has to deal with.”

Along with identifying the internal employees who should be part of the pre-breach organization process, retailers should determine whether they’ll work with a data breach response specialist who can help them navigate the various elements involved in breach response, such as determining what data is at risk and which, if any, customers or entities must be notified pursuant to state laws.

As part of their breach preparedness, retailers should also look at every possible means of minimizing their risk of fraud. For instance, they should ensure that they use end-to-end encryption, which means encrypting card data throughout the payment lifecycle: from the time a card transaction is captured, through processing, and for as long as it’s necessary to keep cardholder data on hand.

“You can’t stick your head in the sand,” he said. “You have to be ready.”
