Retailers fail to monitor credit card data access

Many businesses carrying out card payments are unable to track who has been accessing data

Security breaches in retailers' financial data can go unnoticed for an entire day

Many UK retailers handling credit card transactions have no visibility of who has been accessing data within the company network, according to research by Vanson Bourne on behalf of supplier LogLogic.

Almost half (45 per cent) of the 60 medium-to-large UK retailers polled – which include supermarket chains, department stores and clothing retailers – are unable to track and trace data access.

Problems cited by the IT directors surveyed include budget restrictions (24 per cent), time (14 per cent) and other priorities (41 per cent).

But the survey’s results also question the efficiency of businesses that claim to have tools to manage data accessibility.

Some 55 per cent of the companies polled said they are able to track and trace data, but only a quarter are able to identify and analyse potential security breaches within one hour.

By comparison, only 31 per cent did not have an idea of timescales involved to track and trace data and 14 per cent said their internal tracking processes can take as long as eight hours - the equivalent of a working day.

The survey’s results are not surprising, said Butler Group’s information management practice director Richard Edwards.

“The demands of exploding data growth and regulatory compliance, combined with regulations such as payment card industry data security standards (PCI DSS) are fuelling the need for organisations to implement processes that ensure financial information is managed in a transparent, consistent and professional manner,” said Edwards.

“In large organisations this task can consume a large amount of resources, and in smaller organisations it is often neglected altogether,” he said.