Merchants Liable For Data Breaches
Time: 2024-05-20 09:19:32 Source: compiled from the web Editor: Ryan New
What do online merchants Art.com, Geeks.com and Bananas.com have in common? They’re three in a small, but growing, list of ecommerce sites hacked for their customers’ credit card data.
Not only are there legal ramifications for not protecting customers’ private data, but breached companies also stand to lose an average of $128 in business per compromised record. That’s according to a 2007 survey of 35 breached merchants by Ponemon Institute, an independent privacy-management-research firm in Michigan.
It’s the Federal Trade Commission that sets guidelines for e-merchants holding customer data. Merchants must "protect the security, confidentiality, and integrity of personal information collected from or about consumers." Ones that don’t take “reasonable steps” to do so can be required by the FTC to submit to, and pay for, security audits for up to 20 years, even without a security breach.
Since 2002, the commission has charged 20 companies for breachable data. The FTC can’t impose fines or pursue legal action, but it can refer cases to the Department of Justice for criminal charges or damages, a move it’s made only once.
To comply with FTC guidelines, all sensitive customer data such as credit card numbers, credit verification codes, or log-in identifiers must be:
The FTC also looks at these factors when considering charges against an e-merchant. Merchants should:
Additionally, FACTA stipulates that merchants may include no more than the last five digits of the card number, and must delete the card’s expiration date, from any electronically printed credit or debit card receipts given to their customers. This law does not apply to transaction records the merchant retains. Meanwhile, merchants should never store card verification codes.
An e-merchant’s online privacy policy is considered an online contract between the store and its customers. If outside parties are given access to the information claimed as private, whether by accident, outsourcing or hack, “breach of contract law” allows consumers to sue and collect damages including reasonable attorney’s fees.
Under this law, a suit brought by New Jersey’s Division of Consumer Affairs resulted in a December 2001 settlement between Toys R Us and the state of New Jersey. It required Toys R Us to pay a $50,000 fine and revamp its privacy policy to indicate that customer information would be passed along to a third-party marketing firm. Two class action suits calling for damages for every customer whose data was passed along were filed around the same time.
Privacy policies also put legal bite to anti-hacking provisions. In a 2000 New York district court case, upstart domain registrar Verio.com used automated software to download data on Register.com’s existing domain customers. Since automated downloads were specifically prohibited in Register.com’s online privacy policy, the court found that Verio’s downloading “lacked authorization” and thus was illegal under the Computer Fraud and Abuse Act of 1984.
In all, merchants who collect and maintain customer information have a solemn legal responsibility to protect that data at all costs. Just as consumers go to great lengths to protect their identity, e-merchants should go to even greater lengths to protect the data entrusted to their care.
Consider these additional resources to help fight and detect data breaches.
SANS Institute
“The 20 Most Critical Internet Security Vulnerabilities”
Scanning tools and services to monitor network vulnerabilities
Open Web Application Security Project
“The 10 Most Critical Web Application Security Vulnerabilities”
Other
Breach notification requirements, state by state
Sample FTC breach notification letter
Alphabetical list of validated cryptographic modules approved by the National Institute of Standards and Technology
FTC Guide for Business: “Protecting Personal Information”