In the wake of major data breaches this year at Target, Home Depot, and JPMorgan Chase & Co., retailers are being forced to reexamine their policies surrounding data and security. Simply being PCI compliant is no longer enough – was it ever? Enhanced measures are necessary to adequately defend against malicious attacks by sophisticated hackers.
Armed with our experience and expertise in retail payment security, we recently published a white paper entitled “Best Practices and Tools to Thwart Hackers and Protect Customer Payment Data.” This blog post highlights the key points contained in the white paper, though the white paper should be referenced for an in-depth analysis of this topic.
Growing prevalence of data breaches
Approximately 43% of all companies experienced a data breach in the past two years. Further, between April and June of 2014 the retail sector led all industries in data breaches, with 145 million records or 83% of the total records compromised. This has resulted in depleted consumer confidence, devalued brand reputation, and, most damaging of all, lost sales. Case in point: Target, which was negatively impacted to the tune of $148 million. The market for and value of stolen data has grown, incentivizing hackers to devise new ways to steal sensitive consumer data for profit. Retailers must evolve in pace with technology to reduce their risk of exposure.
A multi-tiered approach is vital
A security approach that employs separate but operationally conjoined layers of protection is a retailer’s most powerful line of defense. Industry best practices dictate implementation of the following:
- Single encryption point at the time of card swipe or data entry and a single decryption point at the processor (end-to-end encryption, E2E);
- Tokenization at the earliest point possible outside of the environment and for all data at rest;
- EMV technology to validate the card authenticity (for in-store purchases).
Unified commerce hurdles
One of the biggest challenges will be deploying a strategy that provides adequate protection without quashing progress that has been made in unified commerce.
As customers increasingly desire a seamless retail experience, this will remain a struggle for retailers who desire to innovate yet are held back by technological constraints. Implementation of a best practice strategy can help retailers navigate this sphere effectively.
I encourage you to download the white paper to see our “6 Quick Hit Protective Tactics” and more details on payment security practices.
A top priority for all retailers must be to examine the adequacy of current information security practices. Retailers need to budget resources and funds to identify and implement measures that will protect the valuable consumer data their organizations process every day.
Do you have a comprehensive inventory of all sensitive data and a prioritized plan, which involves your vendor partners, to address all of the risk points associated with this data?
I am interested in any feedback or suggestions you have on this topic, including strategies and tactics that are working well for you. Please enter your comments below.