Well I never!
For the past few months I have been ranting about the importance of access to customer credit card information and the possible ramifications if someone untrustworthy working in an organization got hold of the information. Tonight I hear that this has happened.
We are so busy protecting ourselves from external intruders that we sometimes miss the most obvious point of attack, from inside.
I was investigating the possibility of integrating a well-known piece of accounting software into our CRM and realised that the credit card info is stored in plain text. Imagine my horror as I started scrolling through credit card details which contained verification numbers and suddenly I was overwhelmed with the thought of what could be done with this info.
I understand that you can't stop everyone from accessing this data BUT you can audit the access. The idea of allowing call centre staff to access this information is WAY beyond me. Call centres probably have the highest staff turnover and they say that a large percentage of hacks are done by disgruntled employees.
I am putting some more thought into this topic and will post my solutions when I have some.
Till then stay safe and stick to the rubber cheques :)