Magazine Article | September 1, 2005

Multichannel, Multirisk

Source: Innovative Retail Technologies

E-Commerce is the new LP (loss prevention)/security frontier. How are you protecting consumer data?

Integrated Solutions For Retailers, September 2005
Ed Cleary

Fittingly, Integrated Solutions For Retailers' Editor In Chief Matt Pillar and I were making the 6-plus hour drive from our office in Erie, PA to the E-Tail East show in Philadelphia last month when the call came in. My wife was on the other end of the line, and she informed me that GM had called with bad news about the GM-branded credit card I carry. It had been compromised and I was instructed to call the customer service line to cancel the card and start a new account. Despite a lost cell phone connection as we navigated our way through the foothills of the Allegheny mountains, my credit card company made the whole process go smoothly. I was able to get my account back in order and use the card on the trip well before we arrived at the Philadelphia Marriott. The expense and pain incurred by GM in the wake of the breach, however, was no doubt astronomical. The following day, I spent lots of time talking with companies at the show about this new breed of retail LP threat.

Vendors Respond To E-Commerce Security
The major credit card firms (American Express, Diners Club, Discover, MasterCard, and Visa) have mandated policies and procedures to ensure protections are in place to minimize the damage done by a compromise of personal credit card information. PCI (payment card industry) security initiatives like these hold the retailer responsible. Failure to meet the prescribed security standards could subject your organization to fines up to $500,000 per incident. That said, retailers are holding the vendors they work with accountable to help them shoulder the burden of security standards. Many vendors charged with handling credit card data, such as network providers and database administrators, must also comply with PCI security standards. Others recognize that failing to do so could cost them business and are therefore voluntarily complying.

This month, we'll be learning more about the threats online retailers face when we attend the Shop.Org conference Sept. 12-14 at the Venetian Resort And Casino in Las Vegas. Nearly 100 e-commerce vendors will be on hand to demonstrate their solutions. If you'll be there, be sure to ask those you talk to what they're doing to comply with PCI security mandates.

Are you a multichannel merchant feeling the pressure to comply with security standards? Have the e-commerce horror stories told in the mainstream press hampered the success of your online sales? Share your concerns and successes with us by contacting me directly at