Identity Angst (Or Who Are You? I Hope Not Me)

The past two weeks have prompted some security soul-searching on the part of many retailers and just about any company that deals with POS or e-commerce transactions. We've commented about the TJX credit card number theft incident, and also published a news analysis about what POS solution providers can do to button down defenses for their customers.

This problem isn't going to go away.

Researcher Gartner recently released estimates projecting that approximately 15 million Americans were the victims of identify theft through mid-2006, which was a 50 percent increase over the previous year. The TJX incident alone involved 45.7 million credit card numbers. (Although I'm not assuming a one-to-one ratio of card number to shopper, that's a lot of people.) The average amount of money lost to identity theft rose to $3,257, up from $1,408.

The question is, what accommodations are you as a solution provider able to make for this?

Consider that this data has been lost in many different ways.

Most people worry about their personal information being swiped during the wireless transaction (stolen over the ether, so to speak), but the TJX incident involved gaps within the company's core systems infrastructure. Other highly publicized incidents have involved misplaced or stolen notebook computers.

It's just another indication that security know-how is becoming core to just about every solution provider's agenda. If you're a storage VAR, have you put the right protections in place to gate access to certain data. If you're handling lots of mobile solutions, have you put encryption and other client-side data protection schemes in place. Can you assuage your customers' concerns?