In terms of a brick-and-mortar retail or other business services environment, it's a different ballgame and corporations...
need to walk the fine line between causing the transaction to be painful for the customer and ensuring that it is secure. Again, it gets back to an organization's tolerance for risk and to what degree a company wants to inconvenience its customers by making them bring all sorts of supporting documentation to prove who they are.
The final point I'll make is that employees need to be trained to spot fake credentials and to ask the appropriate questions if they get suspicious. If employees don't enforce with the same level of scrutiny, then the tightest policy in the world won't matter too much. An enterprise also needs to have a defined process to deal with such situations quickly and effectively. Front-line employees shouldn't solely bear the brunt of a hacker that is trying to commit fraud.
Related Q&A from Mike Rothman, Contributor
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.