Business Column

Customers can help companies make data security a priority

Audra Linsner | Assistant Illustration Editor

Bruegger’s Bagels was recently hacked, revealing personal credit card information such as customers’ names, card numbers, expiration dates and security codes.

Many customers do not know that when they use their credit or debit cards in a retail store, the point-of-sale machine records their card information and stores it in the company’s database. If this data is not safeguarded properly, it’s vulnerable to hackers.

Companies should do more to secure their database systems and inform their customers about how they store sensitive information.

Bruegger’s Bagels was recently hacked, revealing personal credit card information such as customers’ names, card numbers, expiration dates and security codes. The company later stated that customers who visited its stores between Aug. 28 and Dec. 3 are likely to be affected, and urged them to check their credit and debit card statements for discrepancies.

Many Syracuse University community members regularly use their debit and credit cards to make payments, and some may have visited Bruegger’s Bagels during the data breach.

The public should be protected against negligence when companies handle credit card information.




Susie Teuscher | Digital Design Editor

The Payment Card Industry Security Standards Council formulates guidelines for companies to follow in order to securely process customers’ debit and credit transactions. It’s recommended that companies follow these guidelines when dealing with customer card transactions, but doing so is not mandated by law.

“So, while the standards are very important, they are relatively ineffective, if there is no requirement to follow them. Having said that, these organizations who created the standards, they could engage in far more public education of the companies, and to spread the word about the massive amount of data breaches that have been happening, and also the cost affecting companies, with regards to class action lawsuits that are created against the companies,” said Dr. Ann Cavoukian, a professor at Ryerson University.

The storage practices of retail companies also leave customers unnecessarily vulnerable to data breaches.

The council recommends that companies not store customers’ credit card information unless absolutely required, and that they encrypt it if they do store it. Bruegger’s Bagels didn’t indicate whether the data was encrypted.

Companies say that they store customer information so they can issue refunds and provide coupons or discounts based on the purchases made.

Companies don’t delete customer data, even after the transactions have been approved by the customer’s bank. The data remains in their databases, and such databases have been hacked in the past.

“The first thing I tell companies is, after you receive the payment, delete the information, do yourself a favor, because all those reasons you mentioned, there is no benefit for the customer when you are storing the data,” Dr. Cavoukian said. “You have a data breach and a hacker gets it, then it’s a nightmare for your customers and it’s going to be a nightmare for you, the company, because you are going to pay for it in losses.”

Data security should be a priority for companies, and we have a right to know where our personal data goes.

Paul Sujith Rayi is a second-year master’s student majoring in Information Management. His column appears bi-weekly. He can be reached at [email protected].
