I was never too comfortable having my credit card information stored by small and medium businesses.

Here is why: I thought to myself, what kind of information security measures and procedures would a small flower shop take to protect my information? Where are they storing my credit card info? How long do they store it for? Yes there is PIPEDA here in Ontario, but what if they are out of the country or in another province. How do I know they follow the guidelines? I don’t see anything on the website. These are questions I would probably never get the answers to – but I need to order flowers right?

A flower shop’s specialty is flowers, not IT right? The McAfee and GeoTrust badges they show on their website aren’t any comfort to me either. Reason being is it doesn’t speak to the human equation when it comes to information security. An employee can easily copy my number down over the phone or an employee could unwittingly download a piece of malware and their computer could become a mecca for credit card info to whomever controls that piece of malware.

Another situation I wasn’t too comfortable with was when I realized a popular bike rental service here in Toronto was storing my credit card info – I was allowed to log in to their website and edit my information. I can’t leave it blank, but luckily I could fill in random numbers.

In the case where you can’t fill in random numbers and are forced to enter a valid credit card, I recommend getting one of those pay per use credit cards and charge it up with $5. This way, if the online retailer were to be compromised, your credit can’t be affected because the hackers would have the wrong info and a credit card that’s not really tied to your name.

Small and medium businesses are low hanging fruit for anyone in a criminal enterprise. The majority of small and medium businesses don’t have to worry about state sponsored attacks because they have nothing to gain from them, unless its a small boutique shop offering designs in nuclear reactors. Small and medium businesses would have access to credit card and bank account information, which is what would attract many criminal enterprises.