Friday, April 09, 2010

Why Merchants Hold Onto Credt Card Data

A study by the Ponemon Institute that surveyed 155 PCI Qualified Security Assessors (QSAs) found that merchants hold onto customer credit card data primarily to handle chargeback resolutions (83%), as well as for customer service follow-up (68%):  see chart below.

The study did not indicate how much of the stored data is in encrypted or tokenized formats, although it did indicate that some merchants felt that encryption was an unnecessary expense if other safeguards (typically classified as "compensating controls") were in place to protect the data from unauthorized access.

The study also found that in the opinion of 42% QSAs, Level One merchants are not making data security "a strategic priority."

No comments:

Web Analytics