The Security of Online Commerce
Thursday, 29 April 2004 23:07 EST
In mid-March, BJ's Wholesale Club announced it was investigating a security breach that involved theft of credit card information from its computer network. Company officials ordered an exhaustive review of the retail outlet's state-of-the-industry technology systems with a leading computer security firm. Following that review, BJ's ruled out the likelihood of a centralized security compromise and implemented several measures on its club-level systems to eliminate possible avenues by which credit card information could be accessed.
According to computer security experts, BJ's management did two things right: one, it didn't hide its possible security leak; and two, it didn't rely on its own IT staff to sweep the system for security holes.
Those two steps are critical whether the potential security intrusion touches a Fortune 500 corporation or a small e-commerce business. But the BJ's credit card theft highlights a mistake often made by both big and small Internet commerce firms. They wait until a security break-in occurs before seeking outside security certification.