Spotlight conversation with Christopher N. Long, CMO, Litle & Co.

Share this content:

Q: The debate over who's responsible for the security of credit card data is heating up since the September 30 deadline passed for retailers to comply with security standards designed by the payment card industry (PCI). However, many retailers still haven't implemented the standards. Now, the National Retail Federation is calling for credit cards companies to stop requiring retailers to store this information. Are the PCI security standards good ones?

A: The rules are good rules and, when put in place, can be effective at safeguarding data. However, they represent a humongous task on the part of retailers. Encrypting a database and storing the keys is not trivial, especially because some of these databases are 10 years old or have been built up in a patchwork fashion. Information technology is not one of retail's core strengths; it never will be, nor should it be.

Q: Is this lack of technical savvy why some retailers aren't implementing the standards?

A: There is a wide spectrum of security measures being deployed at retail and some are very good.

More than 3 million retailers accept MasterCard and Visa and an estimated 30%-50% of retailers are compliant with the rules. However, many of the security breaches that are happening these days are with big-box retailers that are new to the Internet game.

The other problem is that large merchants have to go through annual security audits that are extremely expensive and are an ongoing cost. The fact is that there are always going to be insecure databases because merchants are never going to get it 100% right.

Q: So what can be done to safeguard customer data?

A: We all want to keep customer data as safe as possible. The solution Visa, MasterCard, American Express and Discover Card came up with was to form the Payment Card Industry Security Standards Council last year and mandate that these procedures be put in place. There is, however, another solution: smart cards, that are like today's credit cards, except that they have a microprocessor chip embedded in them that stores all the customer's data. With a smart card, consumers have a PIN number and are given a unique order number every time they buy something. A purchase can't be made without both numbers. These cards, which are currently used extensively throughout Europe, take the security issue off the table. The problem is that they would cost the banks $12-$15 each to deploy, so those banks are not very interested.

Q: How do you think this issue of security standards for payment cards is going to play out?

A: There will likely be a few more security breaches and it's going to become clear that some other solution will have to be found. At that point, Congress may get involved and mandate something new.

Sign up to our newsletters

Company of the Week

Since 1985, Melissa has helped thousands of companies clean, correct and complete contact data to better target and communicate with their customers. We offer a full spectrum of data quality solutions, including global address, phone, email, and name validation, identify verification - available for batch or real-time processes, in the Cloud or on-premise. Our service bureau provides dedupe, email/phone append and geographic/demographic append services for better targeting and insight. For direct mailers, Melissa offers easy-to-use address management/postal software, list hygiene services and 100s of specialty mailing lists - all with competitive pricing and excellent customer service.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above