Retailers admit inability to track-and-trace card fraud
Almost half - 45 per cent - of medium-to-large retailers in the UK handling credit card transactions are unable to track-and-trace who within the company network has been accessing data, claims a survey by log management firm LogLogic
Restrictions on budget (24 per cent), time (14 per cent) and other priorities (41 per cent) were cited as the reasons why concerned IT directors did not have systems in place to track-and-trace data access.
Of the 55 per cent who are able to track and trace data access, only a quarter are able to identify and analyse potential security breaches within one hour.
Some 31 per cent did not know how long it would take to track-and-trace, while for 14 per cent of those surveyed it can take more than eight hours.
Despite the launch in 2004 of the PCI Standard, which is designed to protect card holder data, only 14 per cent of respondents admitted that they had reached PCI compliance. Only 25 per cent of respondents said that senior management within their company viewed PCI as a valuable mandate with obvious benefits to the company and its customers.
In contrast, given the choice, 65 per cent of the IT directors surveyed said that, as a consumer, they would personally feel more re-assured purchasing from a retailer who was PCI compliant.
The survey questioned 65 IT directors in the UK in February 2008. It was conducted on behalf of LogLogic by research house Vanson Bourne.
Image: Only 14 per cent of respondents to the LogLogic survey admitted that they had reached PCI compliance
What do you think about the issues raised in this news story? Share your views at the Information Professional discussion forum.
More IT industry news from the IET