Rebuilding Trust

If they want to regain the trust of online customers, corporations will need to do a whole lot more than hold a summit

9:00 AM -- WASHINGTON, D.C. -- Today I'm attending a little shindig hosted by Visa and Harvard Business School Publishing. It's called "Maintaining Trust In Payments: A Security Summit," and it features the CEOs of Visa and eBay, as well as many of the security honchos in retail and financial services.

Now, I'm writing this before I've even heard the morning keynote, but I have to say I'm already a bit skeptical as to how much such a summit can accomplish. When it comes to credit cards, at least, the online public has already stepped out into the street and been run over by a bus. The problem is not maintaining trust, it's regaining it.

Even if consumers could put aside their fear after the loss of more than a decade's worth of credit card data at TJX, they are constantly bombarded by phishing scams purported to come from eBay and its payment arm, PayPal. The black hat community has a whole new class of criminals, "carders," who spend their days doing nothing but finding ways to steal payment card information. And it's working: Experts say criminals today can buy a hacked credit card at auction for less than it costs to see "Breach" at the movies. (See Stolen Data's Black Market.)

And this might be just the tip of the iceberg. In a study scheduled to be released today, the IT Policy Compliance Group will report that 70 percent of companies experience between three and 22 breaches of sensitive data each year. And that's just the majority -- about 20 percent of companies experienced more than 22 breaches last year. (See A Breach a Month – Or More.) From what we can tell, users' personal data isn't just at risk -- it's a hostage in a prisonwide jailbreak.

So while I laud the retail and financial industries for recognizing the need for a summit, I'm a little surprised that it's taking the form of the Dick Cavett show, with honchos from retail, financial services, and government participating in panel discussions and PowerPoint presentations for interested attendees and lowly editors like me. These industries don't need a boat show. They need all of the principals to go into a smoke-filled room and stay there until they've come up with some definitive, workable answers for handling and protecting credit card data.

I'm probably speaking too soon -- heck, I haven't even gotten to the summit yet. Maybe government officials, retailers and financial services people need an event like this to get the conversation going, sort of like blue-footed boobies need to do a little dance before they can mate. But I sure hope something substantive comes from the discussions, even if it's just goodwill among the interested parties.

Because if something isn't done soon, the trust these folks are trying to "maintain" may slip beyond regaining.

— Tim Wilson, Site Editor, Dark Reading
