Credit Card Companies Will
Have to Draw the Line"> You cant just put a few Linksys cards and a router in, you have to get professional network management tools from a vendor like AirWave that can actually audit the network and enforce policy. And when it comes to the flower shop in town, you can forget the possibility that it or the guy it bought its systems from know anything about network security. If only 17 percent of large merchants are compliant, the number of small merchants must be puny.Ziff Davis Media eSeminars invite: Learn how to proactively shield your organizations against threats at all tiers of the network, Symantec will show you how, live on March 21 at 4 p.m. ET. Sponsored by Symantec. Clearly, cost pressures on large merchants are tremendous, and as a consumer Im all in favor of big stores driving prices down. This is a good example of a floor on the process, which regulates how quickly and wildly they may grow. Once again, as a consumer, I cant complain. The money merchants spend on security of financial information is money spent in my interests. Visa and MasterCard are so big and powerful they cant throw their weight around too conspicuously or theyll get in trouble, so they really do need to give merchants every chance to comply. In the meantime though, security breaches are costing them and their member banks big bucks. The Wall Street Journal article stated that Citigroup, Washington Mutual and Bank of American are part of a group of banks that have been invalidating and replacing cards that only may have been compromised in the most recent card data loss. This in spite of the fact that it can cost up to $20 every time they do that. This cant go on much longer. So at some point the credit card companies will have to start switching off service to merchants who dont meet the requirements, or merchants will get the message that the threats are empty. Its possible they could go the carrot route rather than the stick and offer financial incentives to compliant merchants. Or they could do both. When either happens, look for outraged merchants to pony up money to lawyers that they were unwilling to spend on security. Thats when youll know who you want to do business with. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at firstname.lastname@example.org. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Its true they are held to a lesser standard, but this doesnt make me feel any better. Im more comforted by the fact that theyre less likely to be the target of e-thieves than a large store with lots of data.