June 20, 2011, 2:16 PM

IRCE 2011 Report: Be prepared for when hackers attack

Retailers can mitigate the effects of an attack with a defined rapid response.

Lead Photo

E-retailers can’t afford to wait until they suffer a data breach to figure out how to deal with such an attack, Chris Pierson, chief privacy officer, senior vice president, Citizens Financial Group, said last week at the Internet Retailer Conference & Exhibition 2011 in San Diego.  “Make sure you have the relationships in place to combat breach,” he said. “Don’t do it on day one of the breach. “

That means that a retailer has to know who will handle all the essential roles, such as who will speak to the media. Doing so can prevent delays in notifying the public, which is often the biggest gripe voiced by consumers affected by a breach, he said. Most of the state and federal laws regarding notification state that merchants should alert the public without undue delay.

“The biggest issue is usually consumers asking, ‘Why did you wait so long to let us know?’” he said. “It’s something every company has to deal with.”

Along with internal employees who should be part of the pre-breach organization process, retailers should also determine whether they’ll also work with a data breach response who can help them navigate the various elements involved in breach response, such as determining what data is at risk and which, if any, customers or entities must be notified pursuant to state laws.

As part of a retailer’s breach preparedness, retailers should also look to every possible means of minimizing their risk for potential fraud. For instance, they should ensure that they use end-to-end encryption, which is the act of encrypting card data throughout the payment lifecycle from the time a card transaction is captured, through processing, and as long as it’s necessary to keep cardholder data on hand.

“You can’t stick your head in the sand,” he said. “You have to be ready.”

comments powered by Disqus




From IR Blogs


Adrien Henni / E-Commerce

Russian's new data law: What e-commerce firms need to know

All personal data must be stored in Russia, and not in cloud servers elsewhere. Here ...


Anna Kuzmina / E-Commerce

An introduction to online payments in Russia

Russian shoppers use a variety of domestic e-wallets quite often when shopping online, a result ...