I am shocked at the news out of the US that Target stored over the counter purchases customer credit card details including name, number, expiry and CVV in their POS software – and that around 40 million records were stolen in a security breach experienced by the giant retailer.
My shock is that Target kept all this information about over the counter customers in their POS system. If I was a Target customer with my card data now in the hands of criminals I’d be angry at the retailer for poor data management.
I know that newsagency software from Tower Systems, the company I own, does not store this information for over the counter purchases. Customers purchasing at a newsagency using, for example, the Tyro integrated EFTPOS, the newsagency software does not have any visibility of or access to customer credit card details. This arms-length approach is far more secure than the approach taken by Target.
While newsagents can turn on a facility to collect and store credit card details separately, they would need to take this action – and most don’t. Even then, however, the data is encrypted and the CVV is not stored as added protection.
Even though newsagency software offers better security over card numbers than the POS used by target, what has happened to them and their customers this week is a reminder for us to be vigilant with customer data.