Over the last year, payment card security — or actually, the lack of payment card security — has been one of the top discussions among retailers and consumers. New payment technologies are coming forward such as Apple Pay and Point-to-Point encryption, but will those new payment technologies do the trick?
A recent study by ACI Worldwide and Aite Group titled, Global Consumers: Concerned And Willing To Engage In The Battle Against Fraud, found retailers have little consumer trust when it comes to data security. Only 55% of survey respondents said they think the stores they frequent deploy security systems to prevent data breaches. And nearly one third of respondents (29%) said they don’t trust retailers to protect their personal and financial data from criminals.
But payment security is a single battle in the cybersecurity war. Once payment card data is no longer of value, hackers will seek another source of revenue. What are your strategic plans worth? How about personnel information? Is your cybersecurity system even looking at those databases?
There are questions everyone should be asking about data security:
Is data security taken seriously at your organization?
How are you encrypting sensitive data? Whether the data is being stored on-premises or in the cloud, make sure proper encryption (and decryption) techniques and practices are in place.
What advance steps have you taken to secure the data you’re collecting? Be prepared to answer, “How is my data being secured?”
Who has access to the customer data you collect? It’s important to keep data on a need-to-know basis and make sure access is revoked when employees leave.
Building bigger firewalls to keep intruders away won’t cut it. Hackers will find a way in, and you need to be prepared to act. Some experts believe that as long as you know you have intruders in your network and can see what they’re doing, you’re one step closer to keeping sensitive data safe. Using analytics to monitor network data flows for uncharacteristic activity can help predict attacks that could bring you to your knees.
To win the cybersecurity war, you must focus on an enterprise-wide cybersecurity strategy:
Knock, knock. Assume that breaches will occur, and build systems to identify intrusions as close to the initial entry point as possible to minimize data loss.
Be prepared. Develop action plans and practice them so you are ready when a breach occurs (it will).
Lather, rinse, repeat. Accept that this is not a one-time project. Data security needs to be part of the daily fabric of your business. Constantly monitor and update to protect against the latest hacker activity.
By engaging about the cybersecurity issue up front, you’ll be able to reduce the threat posed by hackers and regain the trust and confidence of consumers.
Alan Lipson is the Global Retail Industry Strategist at SAS.