Feel it's my duty to pop any Valentine's bubbles out there. I reckon it's nothing more than a cynical marketing ploy dreamt up by a syndicate of greetings card vendors and restaurateurs designed to relieve us of as much money as possible. Got a girlfriend and you'll end up paying; don't and you'll end up feeling miserable because everyone else is out enjoying themselves. Bah humbug.

There’s been less in the news this week about the anniversary of chip and PIN on the high street – coincidentally also on February 14^th – than I thought; maybe that’s because largely it’s been a great success in slowing down fraud and we don’t like success stories very much  in the media. But what is also happening is that criminals are, as always, targeting the path of least resistance, which is currently online. The take-up by retailers of Verified by Visa and MasterCard SecureCode schemes, which both add an extra layer of security, or more passwords to type in when transacting, has been woeful, despite the rather sizeable carrot of the card companies guaranteeing to accept financial responsibility for any fraudulent transaction.

Apacs says it is hoping to see the trial of two factor devices which will generate a unique passcode to type into V by V or SecureCode pop-up boxes instead, which will make it a bit more secure again. Although quite how many barriers customers are prepared to endure en route to a simple transaction remains to be seen.

Firms must also beware of the risk of data breaches in other areas, not just at the point of transaction. PCI standards are intended to ensure firms take this matter seriously, but there is widespread confusion as to when and what firms this applies to. And as CA’s Steven Cox told me, very few firms own their entire IT systems from end-to-end – the weak link targeted by criminals will be third parties like couriers and back-up companies. We intend to take to the streets later and do our own IT Week research on the good people of London town. Maybe firms need a little gentle reminder of what the public think about those handling their data. The Nationwide case this week has shown there can be financial as well as less tangible brand costs to pay for lapses in security.