TulipTools Internet Business Owners and Online Sellers Community

Quote:Retailers that don’t encrypt customer information risk database breach

Retailers that don’t encrypt confidential customer information risk database breach Online retailers put themselves at risk for a database breach if they hold unencrypted confidential customer information on their disk drives, says Scott Sweren, National Practice Manager for Fortrex Technologies Inc., a data security company.

“A lot of companies aren’t appropriately encrypting that data,” he says, adding that retailers shouldn’t be storing confidential data—such as credit card account numbers—related to a purchase once the sale is completed

full article: http://www.internetretailer.com/dailyNews.asp?id=17937

A related article:

Quote:Online commerce sites are failing to encrypt financial transaction data despite an increase in security threats, a government report has revealed.

According to the UK's Department of Trade and Industry's (DTI) biennial Information Security Breaches Survey, less than 66 percent of Web sites are encrypting customer data that they receive.

Smaller e-commerce firms are the worst culprits in terms of lax security, with less than a third of sites encrypting payment card and other financial information entered by customers when making a purchase...

full article: http://www.newsfactor.com/news/E-Commerc...3001J65OH4

My customers card data is never stored on my server and I know my card processor encrypts their data. Don't Visa and Mastercard's new compliance rules prohibit storage of credit card numbers?

I'm curious as to why merchants don't ask their site developers if the cart software provides secure, encrypted database storage of customers account information. 

Quote:why merchants don't ask their site developers if the cart software provides secure, encrypted database storage of customers account information

...because they don't know a thing about web sites, shopping cart software, or databases and trust their web developers and software providers to make the right decisions would be my guess.   

Software developers have to share some of the blame for selling products that they know aren't secure and failing to mention the little fact that their $500-$1000 product doesn't encrypt data that is stored in its database.