Theft of credit card data and your personal information has become a way of life. Recent data breaches at Target, Neiman Marcus and other national retailers highlights this fact. The unfortunate truth is with a little transparency much of the damage done to consumers could be minimized or eliminated entirely.
Since 2004 the major card brands have published guidelines merchants are expected to follow intended to protect consumer ‘s credit card information. However despite these mandatory guidelines and the financial penalties associated with failing to adhere to these controls data breaches are on the rise.
There are at least two reasons why merchants ignore the Payment Card Industry (www.pcisecuritystandards.org) guidelines.
First is a lack of enforcement. Credit card processors have been tasked with policing their own customers. There appears to be a conflict of interest for processors who makes money from merchant credit card transactions to also police the compliance of the merchants. The penalties for failing to comply could include financial penalties or termination of their merchant account.
The second reason is that there is a lack of transparency as to the merchants compliance posture. Take the hotel industry for example. How is the consumer to know if a hotel or resort adheres to all of the required security measures prescribed by the PCI Council and if they have implemented all of the safeguards? Million of consumer’s hand over their names, address, phone number, identification (drivers license or passport) and credit card information to hotel clerks that have not been trained in the proper handling of personally identifiable Information (PII). All to frequently clerks have been known to make copies of a guests information and either sell the information or make illegal purchases on the guests account.
More often then you realize identity theft begins here. It may not make the national news because it doesn’t always occur in the volume of a Target breach but the effect on the consumer is the same. That’s not to say large scale data breaches don’t happened at major hotel chains because they do.
Posted in: Hospitality