The PCI Lessons From Google’s Employee Data Breach

Walter Conway writes:

When Google this month fired a programmer for using the search giant’s database to investigate an intriguing teenager, it showed that even the most sophisticated and respected technology brands can have a trusted employee go rogue. This lesson should not be lost on retail executives, who may rely on several third-party service providers to process or analyze their payments.

In Google’s case, the employee reportedly abused his privileges to access confidential user information. In a payments context, a similarly trusted employee at one of your service providers could have access to your payment card transactions and maybe even your systems. But could PCI prevent a data compromise?

The answer is probably not. But the more important question is: If a malicious employee at a service provider stole your payment data, would the fact that you are PCI compliant reduce your exposure?

Read more on StorefrontBacktalk.

About the author: Dissent

Comments are closed.