PCI compliance helps protect Zappos customers

The security breach at eCommerce shoe retailer Zappos probably alarmed many customers who learned that thousands of names and partial credit card numbers were stolen from the database, but Matthew Schwartz writes that it could have been much worse without PCI compliance in place.

In an InformationWeek article, Schwartz said that storing credit card numbers in cryptographically protected form is a PCI DSS requirement, but that doesn't mean every company always does it. While many companies don't use correct storage methods, the thousands of customers affected by the Zappos breach are probably glad the website does.

"The good news is that it looks like Zappos credit card information was encrypted or not stored in a way that hackers could use," said Mark Bower of Voltage Security. "So this is proof that protection can help with safeguarding customer data in the event hackers get their hands on it. More merchants should be taking these kinds of measures."

Other companies should strengthen their IT security by using PCI compliance to guard customers' credit and debit card numbers.