These are some shocking numbers. Keep in mind, too, that this is not a report on attacks against personal computers, but on large-scale ones. Specifically, large companies with customer data were targeted. We’re talking about thousands or millions of records at once!
Now, I know that this makes Internet shopping seem like a scary idea, but there is also something to be gained from this report. What it shows is that more than 75% of the successful attacks were made against companies that were not PCI compliant.
What is PCI compliance? According to our good friends at Wikipedia:
“The Payment Card Industry Data Security Standard is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations which hold, process, or pass cardholder information from any card branded with the logo of one of the card brands.”
So, how do you know if a site is PCI compliant? Not all sites actively announce their compliance, but many will show some sort of security proof. For example, on our software store you will see this image in the top right-hand corner:
If you click this button on our site (or any other site for that matter) you will be shown a page from McAfee that certifies the security compliance of the site. While we choose to use McAfee as our certifying company, there are many others. Next time, before you make a purchase, take a look at the site to see if they are certified!
Until next time, stay safe out there.