Customer data breaches common

John Kavanagh
The experience of unauthorised access to customer information may be more common in Australian business than is generally assumed, according to new research.

Technology company IP Payments released the results of a survey yesterday that shows one in 25 Australian companies have suffered a breach of customer financial data.

The survey, conducted by AMR, was based on responses from 150 executives who are responsible for their company's business banking and whose companies have an annual turnover of A$30 million or more.

The report, Australia's Credit Card Security Problem, said: "Although there have been few recorded instances of breaches in Australia, that does not mean they have not happened. Customer credit card data is not being kept safe."

IP Payments' technical director, Mark Lewis, said the research indicated that the cause of the problem was management ignorance of payment card data security standards.

Seventy-seven per cent of respondents said they had not heard of Payment Card Industry Data Security Standard compliance.

PCI DSS was developed by the major card schemes and launched in 2004. Australian merchants storing customer financial data have had an obligation to be compliant with the standard since the beginning of 2011.

Lewis's assessment is that many merchants are not compliant.

"The card schemes and the banks enforce compliance through their merchant agreements, but they have not wanted to use a big stick," he said.

"What the banks need to be doing is giving their customers more expert guidance on this issue.

"In the meantime, merchants' security systems have struggled to keep up with lots of changes that have been designed to give consumers greater convenience."