PCI Data Breaches: Keeping High-Risk Employees at Bay



PCI (Payment Card Industry) breaches are everywhere, and they’re not necessarily due to external hackers. Many of the top breaches in credit card information have occurred because of internal data leaks due to employee negligence, or malicious insider jobs.

Whatever the cause – the damages prove to be crippling. Take Home Depot’s latest scandal for example: Home Depot reached a settlement after its massive data breach exposed the email addresses and credit card details of 50+ million customers. The major home improvement retailer will pay $25 million in addition to the $19.5 million already paid out in compensation.

While these are staggering sums, a more pressing question arises: Can one really put a price tag on consumer privacy, security, and trust? You can refund credit card charges and repay damages, but recovering your company’s reputation may prove to be a lot more difficult.

Customer Trust – More Than a Dollar Figure

Companies spend millions of dollars annually to gain and win over customer trust. Once that trust is broken, it’s not so easily repaired. Consider the following:

– In a Global Internet Report, approximately 60% of consumers said they couldn’t trust a company once it had been breached.
– In the UK, that figure rose to almost three-quarters of respondents.
– Additionally, three-quarters of consumers said they trust companies less now that data breaches are so frequent.
– Shockingly, almost 4.5 million records are stolen each day, and in only 4% of those incidents was the stolen data protected by encryption.

With so much theft circulating, it’s difficult for customers to place their faith in credit card companies and eCommerce sites. Businesses today need to take a proactive approach to protecting customer data from security risks both inside the company and out.

Dealing with the Problem

Across the retail industry, a sector-wide security policy known as the Payment Card Industry Data Security Standard (PCI DSS) has been instituted to establish credit card safety best practices. The PCI DSS standards were drawn up by five of the major credit card companies, including American Express, MasterCard, and Visa, to ensure that credit/debit card data remains secure in the hands of commerce merchants.

Some of the more important internal security policy points and regulations include:

– Implement tiered access control: Tiered access control ensures that only those employees who need the data to do their jobs can see it. This way sensitive information is handled only by those in higher positions who are more accountable.

– Ensure accountability: Utilize user ID tags for anyone with computer access. This allows company executives to know exactly who accessed what information and when.

– Continuously monitor and track all network activity: Employee monitoring has been shown to be one of the most effective ways of keeping internal threats to an organization under control. Monitoring software allows you to silently track all network activity, so you can see when anyone has connected to your network, as well as what they are doing there. Suspicious behavior is flagged, and managers are alerted immediately.

– Maintain strict security policies within your organization: Employees need to know security protocol, and these procedures must be enforced and taken seriously in order for them to effectively curtail data leaks, intentional or otherwise.
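As an added illustration of the first three policy points (tiered need-to-know access, per-user accountability, and monitoring that flags suspicious behaviour for a manager), here is a small Python gate over cardholder data fields; it is not code from the article, from Teramind, or from the PCI DSS itself, and the roles, tiers, thresholds and sample events are constructed assumptions.

```python
"""Tiered access control, per-user audit trail and simple anomaly flagging for
cardholder data fields (added illustration; roles, tiers and events are constructed)."""
from collections import Counter

# Constructed role tiers: a higher number means a more accountable, more privileged role.
ROLE_TIER = {"cashier": 1, "support": 2, "fraud_analyst": 3}
# Constructed need-to-know matrix: minimum tier required to read each cardholder field.
FIELD_MIN_TIER = {"last4": 1, "expiry": 2, "full_pan": 3}


def request_field(user_id, role, field_name, audit_log):
    """Grant access only when the caller's tier meets the field's minimum tier.
    Every attempt, allowed or denied, is written to the audit log under the
    requester's unique user ID, so 'who accessed what' can be answered later."""
    tier = ROLE_TIER.get(role, 0)                         # unknown roles get no access
    allowed = tier >= FIELD_MIN_TIER.get(field_name, 99)  # unknown fields are never released
    audit_log.append({"user": user_id, "role": role, "field": field_name, "allowed": allowed})
    return allowed


def flag_suspicious(audit_log, max_denied=3, max_pan_reads=5):
    """Return user IDs a manager should review: repeated denied attempts (probing
    beyond one's tier) or an unusual volume of full card number reads (bulk-read pattern)."""
    denied = Counter(e["user"] for e in audit_log if not e["allowed"])
    pan_reads = Counter(e["user"] for e in audit_log if e["allowed"] and e["field"] == "full_pan")
    flagged = {u for u, n in denied.items() if n >= max_denied}
    flagged |= {u for u, n in pan_reads.items() if n >= max_pan_reads}
    return sorted(flagged)


# Constructed sample activity: (user_id, role, field requested)
SAMPLE_EVENTS = (
    [("u101", "cashier", "last4")] * 4             # normal till activity
    + [("u102", "cashier", "full_pan")] * 3        # cashier repeatedly probing full card numbers
    + [("u201", "fraud_analyst", "full_pan")] * 6  # analyst pulling far more records than usual
    + [("u202", "fraud_analyst", "full_pan")] * 2  # analyst with a normal case load
)


def run_demo(events=SAMPLE_EVENTS):
    """Replay the sample events through the gate; return (audit_log, flagged_users)."""
    audit_log = []
    for user_id, role, field_name in events:
        request_field(user_id, role, field_name, audit_log)
    return audit_log, flag_suspicious(audit_log)


if __name__ == "__main__":
    log, flagged = run_demo()
    print(f"{len(log)} access attempts recorded; escalate to manager: {flagged}")
```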

Regaining Consumer Confidence With Unwavering Commitment to Security

By implementing these carefully structured security policies, businesses can help better protect consumer payment information, cutting down the risk of data leaks by over 90%! Hopefully, consumer trust can then be regained, and credit card users can once again feel safe handing over their details.

This article was originally published on IT Security Central and was reprinted with permission.

Isaac Kohen
Isaac Kohen is VP of R&D at Teramind, a leading, global provider of employee monitoring, insider threat detection, and data loss prevention solutions.

