Google (GOOG), the National Retail Federation and Canada’s Privacy Commissioner (just to name a few) all seemingly agree — Web retailers/merchants should not hold customer credit card numbers. Why? They don’ t need to and when they do liability increases. They’re exponentially “more responsible” to lock down and secure the private financial information entrusted to them by customers.
Combine this with the momentum behind Google’s Checkout (consider PayPal’s defensive reaction to it for starters) in terms of customer and merchant adoption… and we’ve got a ringer. Clearly, merchants will move away from holding customer charge card information in the future. What’s hastening it? The entry of third parties (i.e. Google, PayPal) that exist to offer that same convenience in ONE place (thus eliminating worry over having your private information scattered among merchants).
Google, PayPal, retailers, government agencies, consumer privacy advocates and consumers themselves are all moving in one direction: toward allowing a SINGLE party to provide transaction processing and data storage.
“If the goal is to make credit card data less vulnerable, the ultimate solution is to stop requiring merchants to store card data in the first place,” says David Hogan, chief information officer of the National Retail Federation in a letter to the Payment Card Industry Security Standards Council.