Why Data Security is Critical to Your Brand

Transcription

1 Why Data Security is Critical to Your Brand

2 Why security is critical to your brand Cybercriminals do not discriminate based on industry or business size. Security is expensive. At least, it is if you wait until fraud perpetrators attack before protecting your business. Cybercriminals do not discriminate based on industry or business size. In fact, SMBs are targeted more because they often make easy targets, and the costs are significant, sometimes devastating. The cost of stolen data across the world increased by 23 percent in 2014, with individual stolen records costing as much as $154 for the average business. 1 Before embarking on a security solution, companies should examine the common tactics criminals use to steal data, evaluate the risks inherent in their industries and consider the ways other businesses are combatting fraud. In the following pages, we will explore why security is critical to your brand and show you how to work proactively to protect your business from people who mean to steal from your customers and, consequently, your livelihood

3 Methods used by fraudsters One of the most problematic aspects of security is the surprising number of ways people commit fraud. Fortunately, the most common methods are well-publicized. Here are some of the most popular ways data thieves can infiltrate a business. Employee theft This crime is most prevalent among service workers who process transactions where the customer can t see what they are doing. Before completing the transaction, the thief swipes the payment card through a skimmer, a device that records personal data. 2 Malware Cyberthieves also infiltrate a company s internal systems by ing a link or attachment an employee might click on while using a company computer online. When someone clicks the link, it invites the virus in to steal data. Data breaches Most data breaches occur when thieves find vulnerabilities within the payment processing system and exploit them. When a customer swipes a card, or enters information online, the transaction transfers data to the business s acquiring bank. Skilled cyberthieves can intercept the data as it moves along the chain. They can also find ways of tapping into stationary computers where sensitive information is stored

4 Making sure your business is PCI compliant is the most important step toward insulating your business from the risks of a breach and minimizing fees if one does occur. Importance of PCI compliance Nothing is more important than keeping customer data secure. Businesses that accept electronic payments in-store or on the web are aware of the risk, although they may not be fully aware of the consequences of a data breach. Penalties levied by banks and credit card companies can cost a business between $5,000 to $500,000, not to mention revenue declines from consumers losing trust in a payment system. 3 Making sure your business is PCI compliant is the most important step toward insulating your business from the risks of a breach and minimizing fees if one does occur. What is PCI compliance? The Payment Card Industry Data Security Standard (PCI DSS) is a set of rules designed to make certain all businesses managing and processing payment card information keep their data secure. Enforced by credit card companies and banks, these standards provide a list of requirements companies must follow in order to accept payment cards from their customers. The requirements include completing a self-assessment questionnaire, passing a vulnerability test with a PCI SSC Approved Scanning Vendor and submitting evidence that confirms compliance to the acquiring bank

5 Costs of a data breach When a data breach occurs, there is plenty of pain to go around. Customers often have to suspend their accounts, order new payment cards and even sort through fraudulent charges with their banks, and the costs for businesses and financial institutions can be shocking. The average cost per stolen record in the United States is $201, higher than anywhere else in the world. 5 Expenses for SMBs A data breach subjects a company to multiple fines, penalties and expenses. Forensic examination of payment system Even a suspected data breach can mandate an in-depth investigation of your payment system, and if one is found, the forensic examination will determine how bad the breach was. The fees for this analysis can run up to $50, Bad press Even small companies can get a lot of negative publicity when a data breach occurs, resulting in a loss of confidence among the buying public. This bad publicity can have a far-reaching impact for years to come due to archived articles on the internet. Damaged relationship with credit partners Credit card companies may refuse to do business with you after a data breach, particularly if analysts determine it was the result of negligence Businesses_Cost_of_a_Data_Breach_Article.pdf 5

6 Tokenization allows businesses to keep customer data secure while also retaining the transaction information Tools that combat theft Data theft is a daunting problem for any business, but the good news is payment processors have developed tools to help you minimize the risk by staying within PCI standards. Transaction security By adding protective layers to your payment system, you can help thwart cyberattacks as consumers swipe their cards or key in account information online. EMV cards Short for EuroPay, MasterCard, Visa, EMV cards are new smart cards that keep sensitive data stored in a microchip, rather than a magnetic strip. This new chipand-pin technology is much more secure than conventional payment cards. 7 Encryption This code converts the payment data into non-readable text, a solid step toward security. However, a skilled thief can sometimes decode the encryption. Tokenization Using tokenization, the customer s account numbers are removed from the transfer process, stored in a virtual vault and replaced with a token that s used to reference the transaction. Tokenization allows businesses to keep customer data secure while also retaining the transaction information for sales reporting, returns, and recurring billing. Firewalls Online orders and third-party reporting can sometimes leave a door open for attackers, but installing a firewall and a DMZ (demilitarized zone) for validating legitimate incoming traffic can help block unauthorized inquiries into your system

7 Credit card companies will help you Once cyberthieves successfully capture someone s account information, they usually sell it to a third-party that manufactures fraudulent credit cards. Merchants that train employees to keep a watchful eye on the checkout process are more likely to stop fraudsters in their tracks. Here are some ways Visa and MasterCard are helping merchants stop fraud at the register. Security features on the printed cards Holograms Both card manufacturers place holograms in specific places on their cards. Employees should look for them when verifying the legitimacy of a card. Account numbers MasterCard accounts begin with 5, and Visa accounts begin with 4. Account numbers should always be straight, even on embossed cards, and both card types should have bank identification numbers printed in specific places. CVV Every card should have a card verification value number in a white box that sits next to the signature panel. Suspicious behavior to watch for Fraud perpetrators sometimes give themselves away through unusual behavior in the store. Employees should be wary of anyone purchasing an oddly large number of similar items, or buying expensive products without asking any questions about them. Fraudsters may also try to rush a transaction at the checkout or distract the sales clerk, keeping his or her attention away from the fraudulent card. 8 8 Visa Security Card Features, 7

8 Security should be the first priority Merchants that make security a priority can dramatically reduce that risk Businesses are faced with a huge dilemma in today s marketplace. In order to stay competitive, they need to meet consumer expectations and that includes accepting payment cards but accepting electronic payments exposes the business to enormous risk. Merchants that make security a priority can dramatically reduce that risk. Stay vigilant about how customer data is stored and managed It s extremely important to know where customer information is stored, what vulnerabilities exist, and who has access to the data. Implement an internal security policy Make sure each employee knows what his or her role is in keeping data safe, and provide training on a regular basis so they can stay current with best practices. Your data management system should also offer tiered levels of user access, allowing you to limit who can see and manage sensitive customer information. Partner with a payment processor Point of sale systems now include advanced security features that can help protect your business. Payment processors can help you integrate encryption and tokenization into your POS, while also introducing you to features that can improve your marketing, sales reporting and accounting efforts. Merchants are not alone in the fight against fraud. By investing in the right solutions and partnering with professionals who stay current on new threats, your business will grow with a strong, secure payment system your customers can trust. 8

9