Magazine article Public Finance

Locking Down Your Data

Magazine article Public Finance

Locking Down Your Data

Article excerpt

The public sector handles millions of financial transactions every day and now that data security is at the forefront of general debate, there is a continuous requirement to raise security levels. For a local authority to improve its security this can mean upfront investment and a full review of existing processes, which require substantial time and resources.

So why should it take this route, where should it start, and what are the benefits and challenges involved?

The reasons for ensuring security of financial transactions are clear. Not only is this viewed as a duty of care to customers but it increases public confidence in an organisation and gives citizens more choice in payment methods.

There are also financial benefits for a local authority. For example, banks charge councils a specified transaction rate each time a credit or debit card is used to make a payment such as council tax. But few people realise that the higher the level of an organisation's security, the lower the transaction rate. Improving security could contribute directly towards reducing transaction fees.

With the public sector handling a multitude of transactions each day, this could make a big difference to an authority. One council cut the amount it was charged for credit card payments by 21% and for debit card payments by 24%, saving thousands of pounds in one year.

Risk assurance is also vital. The cost to any organisation of carrying out remediation following a breach is considerable. It involves the loss of productivity while staff handle the problem, not to mention the public's new-found willingness to sue. An authority that recently went through a remediation put its total costs at more than £250,000.

Lastly, it is now mandatory for a large number of merchants. Many organisations that accept card payments are required to comply with the Payment Card Industry Data Security Standard (PCI DSS). Few local authorities already do and although publicity from the banks about this standard has been fairly low-key, this reduces neither the requirement to comply nor the financial penalties for those that fail to.

So where to start? One of the challenges is to agree who in an organisation would be responsible for ensuring compliance. Is it the finance or the IT department, or a combination of both? …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.