Secure Your Customer Data: Here’s How
2. Be a detective. Your site’s order pages should be encrypted with the Secure Sockets Layer (look for the padlock symbol), a generic encryption technology that uses digital certificates, says Cobb. You can own the technology and apply it to your e-commerce site, use a service for it (e.g., Digital River), or your ISP can apply it to your site.
3. Follow the data. “When someone submits data to you, does it go to an unencrypted Web server and then into a clear-text database? If so, that’s dangerous,” Cobb notes. “Hackers may find the database and tap into it.” According to Cobb, hackers can log on to Google, type in “MasterCard,” a four-digit prefix and a generic expiration date such as 04/04, and up will come text files filled with a retail site’s customer credit card information.
“Make sure your data is being transferred to a secure and encrypted server,” Cobb advises. “If not, the chances of someone finding it online and stealing it are pretty high.”
You can’t duck in under the regulatory radar screen simply by telling customers in your privacy statement that you don’t really protect consumer data. That’s just bad business, of course. But if you say you’re protecting it and don’t, it becomes a deceptive business practice, and the FTC will come calling. “It only takes one legitimate consumer complaint to the FTC to bring the 500-pound gorilla onto your case,” says Cobb.
Consumers want increased privacy and security, and legislators are looking at regulatory agencies such as the FTC to do the job. The FTC, in turn, is sending a message to all businesses that it’s policing the data-security issue in the name of consumer protection.
You can reach Stephen Cobb, CISSP, of the ePrivacy Group at (212) 655-9392, email@example.com. The FTC offers guidelines for businesses on this topic. Visit: www.ftc.gov.