June 03, 2006

You Guard it with Your Life

The important part about the stolen laptop holding 243,000 customer records, including credit card numbers, is not the theft itself. It is what the heck these credit card numbers were doing on the laptop in the first place. They should never, ever have been there. There is no reason they should have left the ultra-secure location they were kept in.

If you are running an online business you have to guard your customers' data with your life. Credit card information should be kept in a physically secure location, separate from your other servers, with armed guards in front of it (I am not kidding). The location should be isolated not only physically but also electronically. Credit card info should reach that location through end-to-end encryption from the customer. Any software that needs to operate on these credit cards should run inside the secure location, behind a strict, audited, minimalist one-way API. You then employ a group of hackers whose goal in life is to break into this facility. Credit card information should not be allowed out of the location ever, not physically, not electronically.
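A minimal sketch of the "strict, audited, minimalist one-way API" described above, added here as an illustration and not code from the original post. `CardVault` and its method names are hypothetical, the in-memory dict stands in for the isolated store, and the end-to-end encryption and the processor call are left out.

```python
import hashlib
import json
import secrets

class CardVault:
    """Runs inside the isolated location; callers only ever hold opaque tokens."""

    def __init__(self):
        self._cards = {}        # token -> card number; no method returns it
        self._audit = []        # hash-chained audit records
        self._head = "0" * 64   # hash of the latest audit record

    def _log(self, caller, action, token, outcome):
        entry = {"caller": caller, "action": action, "token": token,
                 "outcome": outcome, "prev": self._head}
        self._head = hashlib.sha256(
            json.dumps(entry, sort_keys=True).encode()).hexdigest()
        entry["hash"] = self._head
        self._audit.append(entry)

    def store(self, caller, pan):
        """Inbound only: the card number goes in, a random token comes out."""
        token = "tok_" + secrets.token_hex(16)
        self._cards[token] = pan
        self._log(caller, "store", token, "ok")
        return token

    def charge(self, caller, token, amount_cents):
        """Operates on the card inside the vault and returns a status only."""
        if token not in self._cards or amount_cents <= 0:
            self._log(caller, "charge", token, "refused")
            return {"status": "refused"}
        # Hypothetical: the call to the card processor would happen here.
        self._log(caller, "charge", token, "approved")
        return {"status": "approved", "amount_cents": amount_cents}

    def audit_log(self):
        """Copies of the audit records; they hold tokens, never card numbers."""
        return [dict(e) for e in self._audit]

    def audit_ok(self):
        """Recompute the chain; an edited or dropped record breaks it."""
        prev = "0" * 64
        for e in self._audit:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(
                json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != digest:
                return False
            prev = digest
        return True
```

The public surface is four methods, none of which can return a card number, so a laptop or application server that talks to the vault has nothing but tokens to lose.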

Comments

I wish my bank was really aware of the importance of keeping customer information secure but the reality is actually very frustrating.

About a year ago I was working on a software project for the same bank where I have my credit card, and I remember how easily they gave us the electronic files with the credit card information of their customers (I don't think it's enough with signing confidentiality agreements as we did). I was very surprised about it and, worse, I know they did the same with other software providers.

Then, about two months ago I noticed that my credit card and my personal information were stolen and used to buy some music on the Internet. Now I have to pay for it because the bank rejected my claim, and I can't stop wondering how much of it is the bank's fault.