The Risks of Unencrypted Data Transmission

Business managers responsible for data security may be investigating what they can do to avoid the fate of BJ's Wholesale Club. The Federal Trade Commission issued a complaint against BJ's for failing to safeguard data regarding credit and debit cards that BJ's customers used at its stores. The FTC alleged that BJ's lax security, which included BJ's transmission of unencrypted payment card data within its stores over WiFi systems, was an unfair practice.

The FTC entered into a Consent Order with BJ's on May 17, 2005. The Consent Order requires BJ's to implement administrative, technical and physical safeguards to protect consumers' data and to have those safeguards audited biannually for 20 years, among other things. See 4 Privacy & Security Law Report No. 29, 946-48 (BNA July 18, 2005).

BJ's likely could have prevented thieves from easily accessing its customers' payment card data if it had followed the Payment Card Industry Data Security Standards adopted by Visa, MasterCard and others in December 2004. A copy is available here. The PCI Data Security Standards provide a concise description of the safeguards businesses should implement to protect credit and debit card data. Businesses that process payment card charges are required to follow the standards. Any business that processes sensitive data should review the PCI Data Security Standards because they can be adapted to protect most electronic data.

Posted by Randy Gainer
