Canadian Retailers Urgently Need Security Guidance: 6 Essential Measures to Protect Customer Data

TORONTO, Jan. 27, 2014 /CNW/ – In the wake of the colossal Target security breach that compromised over 100 million customer accounts and may yet impact hundreds of thousands of Canadian consumers, the US banking and retail sectors are waging vocal fights to assign blame and pin responsibility on one another.

According to a Canadian expert, this is a flawed and short sighted approach that fails to adequately frame the problem, missing such critical factors as legislation, implementation and rapidly evolving threats. To protect payment card data and customer information, Canadian retailers must at minimum:

  1. Comply with Canadian privacy law
  2. Adhere to the PCI-DSS 3.0 standard
  3. Adopt EMV payment systems
  4. Employ intrusion detection technologies
  5. Conduct employee background checks
  6. Deploy physical security measures

Canadian retailers have a false sense of security

Fundamentally, the Canadian retail sector is missing a critical backbone of security legislation and enforcement for breach notification. This has chilling economic consequences ranging from unavailable statistical information to insufficient investment in data protection” said Claudiu Popa, security author and Principal Risk Advisor with Informatica Security in Toronto. Companies have been tracking the same loss prevention and theft metrics for decades, but sophisticated breaches are now attacking large chains like Neiman Marcus, Target and potentially Michaels, another US retailer with a Canadian presence. “The focus on loss prevention and theft must be urgently supplemented with adequate investment in privacy and security measures. Information, especially customer data, is more important and damaging than the theft of tangible goods” added Popa.

The company urges Canadian retailers, banks, transactional processors and insurance companies to use these measures and conduct more stringent security reviews or penetration tests to get ahead of emerging threats.

About Informatica Corporation:

Informatica Security is Canada’s first Information Risk Assurance as a Service (RaaS) company and only provider of the Verify™ Assurance Pack, a corporate self-assessment including security (PCI-DSS 3.0), privacy (PIPEDA) and anti-spam (CASL) compliance resources for retail and other sectors. Certified Risk Advisors provide security reviews, penetration testing and trustmarks to Canadian organizations that demonstrate awareness, responsibility and verifiably secure practices.

SOURCE: Informatica Security Corporation

For further information: For commentary and media interviews contact: Claudiu Popa, CEO, Informatica Corporation, email: [email protected], web:, Twitter @datarisk, 1 Yonge St. Toronto, Canada, 416-431-9012

Link to original article.