The response to the Moonpig breach has been particularly slow. Based on the researcher’s analysis, authentication was not in place for consumers. For a company to be aware of a basic security issue for more than 17 months is gross negligence. Because companies that process payments are custodians of customer data, they have a legal and, I would argue, ethical obligation to protect that information.
From a legal and regulatory perspective, ICO (UK jurisdiction) and Payment Card Industry (PCI) mandates require stronger security practices, such as data encryption for safeguarding consumer privacy. In my view, companies also have an ethical duty to protect consumer privacy. When customers hand over their data for a commercial transaction, they should be able to trust that the vendor will take sufficient measures to protect that data. As any good salesperson can attest, trust is an inherent component of the customer relationship.”
By Bob West, Chief Trust Officer, CipherCloud
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.