Will it be Credit or Debit?
Technology presents today’s consumers and retailers with a whole new set of security challenges. Networks can be breached, personal identification information can be compromised, and personal or corporate identities can be stolen, potentially resulting in financial ruin. How far should management go in determining the security risks inherent in their customer database? What level of managing those risks is considered reasonable?

Brett Flayton is CEO of Flayton Electronics, a role he took on after his father’s retirement. Flayton Electronics sells various types of consumer electronics and seems to have built a solid customer base. This essay takes an in-depth look at information security and at the consequences and responses a company faces when a breach of security takes place. As a company, Flayton has to decide when and how to inform its customers about the security breach. The company must address any damages caused by the breach of its customer data and decide what policies and measures can be implemented to avoid any future breach of customer security.

The case of Flayton Electronics proves how vital it is for companies to enhance the security methods used for consumer credit card transactions. Flayton was breached so severely that the scam crossed several states, which required federal law enforcement to become involved. Flayton Electronics prides itself on being an honest company that cares about its consumers, so its management was scared not only for the business but for the loyal customer base as well. The company has to come up with a strategy that will protect its loyal customers from identity theft.

Information security is set in place to protect customer data from being accessed without authorization. Security is the most crucial of the constraints on electronic technologies. Companies and organizations such as Flayton Electronics should have a security system in place that their consumers can trust.
Customers should have a guarantee that their information cannot be read or accessed by anyone not authorized to do so. Flayton did not have a fully secure privacy system, which left its customers at risk of an information breach. Flayton Electronics recently underwent software changes to become more PCI compliant. Apparently the compliance was more difficult than Flayton first thought, and its security system was only running at 75% when it should have been at 100%. There was also a known problem within the firewall.

The major issue Flayton Electronics faces is its neglect of maintaining a secure customer database and its failure to meet the PCI compliance standards, which exist to protect personal information and ensure security when transactions are processed using a payment card. Flayton dropped the ball when it neglected to follow reasonable measures to protect the company’s network, such as simply monitoring the network firewall that was in place. Flayton should have had a plan in place to regularly monitor and track its customer data. This would identify potential security problems as they arise so that they can be fixed.

The most commonly exploited security weakness is the human factor, which is harder to protect against. Flayton must limit access to cardholder data to only those persons who need to use it and assign a unique identification to each person who does have access. Considering that humans are generally the easiest part of a system to hack, and that employee ignorance does not relieve liability, it’s important to draft and implement a company-wide information security policy. Make sure that your employees know and understand their responsibilities with regard to cardholder data before it becomes an issue.

CEO Brett Flayton was under the impression that his company, Flayton Electronics, was in complete compliance with PCI requirements. Sergei Klein, Chief Information Officer for Flayton Electronics, was in charge of making sure the company was meeting...
References: McNulty, E. Lee, J. Boni, B. Coghlin, J. Foley, J. “Boss, I Think Someone Stole Our Customer Data” Harvard Business Review Case Discussion. 10 pages. Publication Date: Sep 01, 2007. Prod. #: R0709A-PDF-ENG