Debit Or Credit? Neither

I stopped using my debit card altogether a couple of years ago out of an intense fear that I would never recoup the losses if my card were skimmed in the grocery-store line or compromised at TJ Maxx. Now I casually slide my checkbook onto the card reader stand and perform that rare act of putting pen to paper while trying to avoid the annoyed stares of shoppers behind me in line who may lose a few seconds off of their shopping time because I didn't use plastic.But my check apparently isn't any safer. The Ponemon-Imperva study on PCI compliance report released this week found that 55 percent of retailers and organizations that take credit cards don't bother securing their customers' Social Security numbers, driver's license numbers, and bank account details. And 79 percent of retailers surveyed had suffered at least one data breach.

Those aren't great odds.

Sure, even if you swipe your credit card at a retailer that's PCI-compliant, there's no guarantee your credit card won't get breached anyway. But more worrisome is the attitude of many of the retailers in the survey: Most look at PCI as more of a "check-box" item than part of a strategic security initiative. If they're playing to the auditors, then who's really minding the store and its customer data?

Then there are the opportunistic retailers. These companies are using PCI to parlay some other IT security purchases they may not previously have had the funds for: "There's almost a dark side to this: They're putting things in the PCI basket that are really not PCI-critical and leveraging PCI for other security projects," says Brian Contos, chief security strategist at Imperva.

Whether or not that strategy is ethical, at least these retailers are focusing on security. And as long as they aren't just filling in more check-boxes, maybe my check will be protected.

Or maybe I should just use cash.

-- Kelly Jackson Higgins, Senior Editor, Dark Reading