Wednesday, January 18, 2012

Zappos, an online shoe retailer, recently suffered a data breach that exposed information of up to 24 million customers. Other ecommerce retailers can draw several data security lessons from the company's incident.

According to an InformationWeek report, Zappos encrypted customer credit card data, so although hackers gained access to the private information, it's unlikely they can use the data. Encrypting payment information is a requirement of the PCI Data Security Standard, which regulates how businesses store, manage and secure cardholder data.

"The good news is that it looks like Zappos credit card information was encrypted or not stored in a way that hackers could use," Mark Bower of Voltage Security told the source. "So this is proof that protection can help with safeguarding customer data in the event hackers get their hands on it."

The report said retailers should devise a detailed data breach response plan that includes a strategy for notifying and warning customers of the incident. InformationWeek said Zappos appeared to have a response plan in place, as employees and customers were quickly notified.

IP Commerce offers application developers the world’s best open platform (with free APIs, modules and templates) for fast and innovative ecommerce solutions. Get the APIs you need now – simply use our Free Online Integration Wizard to provide the details of your next ecommerce project and download the application tools you need.

