Dec 12, 2014 · 1 minute

A study commissioned by the Sophos security firm shows many retailers in the United Kingdom don't train their staff to recognize credit card fraud and have not worked to protect consumer data even though they believe "the risk of credit card fraud will increase in the lead up to Christmas."

The study, which surveyed 250 information technology "decision makers" at various retailers, reports that 72 percent of respondents "have not implemented fundamental security required to safeguard both business and customer data" even though 14 percent were somehow affected by credit fraud within the last year. (A larger 33 percent of them were affected by fraud in general.)

Retailers are also said not to have employed basic encryption standards when transferring data. That lack of encryption could allow hackers to gather information about a credit card's expiration date, verification number, cardholder, and associated account number as it's being processed.

This isn't idle speculation: all that information was stolen from Charge Anywhere, a company that transfers payment authorization requests between retailers and payment processors, because it didn't encrypt some of the files that traveled along its network. This allowed a hacker to intercept the requests as they moved along Charge Anywhere's network and view their content in plain text.

"For an industry responsible for holding and safeguarding so much sensitive customer data, it’s worrying to see the level of over confidence and lack of awareness surrounding cyber security," said Sophos' global head of research in the company's report. "What amazes me is how often the breaches are the result of incredibly simple failures of policy, training or technology and not the result of cyber criminals being particularly clever."

A similar study in the United States might reveal the same information. It sometimes seems like a week can't pass without some retailer or another, from Target and Kmart to the Home Depot and Dairy Queen, revealing a data breach affecting tens of millions of consumers in the aggregate.

[Illustration by Brad Jonas for Pando]