Yes, the temperatures are still sizzling and Facebook feeds are filled with posts of family beach pictures, but the signs that summer is nearing its end have already surfaced. The one, truly dreaded realization for kids that their summer fun is almost over is that moment when the first back-to-school commercial pops up unexpectedly on the television screen. You can almost hear a collective “NO!” from kids across the nation.
The list of essentials and must-haves seems never-ending for a student, and this year the average American family with children will spend roughly $674 on items including clothing, electronics and other supplies, a 7% increase from last fall according to the National Retail Federation. Total back-to-school spending is expected to hit $27.3 billion in 2016, in addition to school-related spending by families with college students, which may bump the figure to $75.8 billion, up from $68 billion the year before – an 11% increase.
Back to School Spending and Data Breaches
Back to school spending is the second largest spending season for consumers, which makes it prime hunting season for cyber thieves attempting to hack into any network or system to gain access to valuable customer data.
And it’s no longer just retail stores that are prey. Today’s educational institutions offer parents and students the convenience of paying electronically online, over the phone or in person – and with these multiple payment options comes a greater risk of fraud.
As of August 2nd, the number of data breaches reported in the 2016 ITRC Breach Report reached 572, with 13,491,597 consumer records exposed.
Breaches in the education sector are up 60% over 2015 figures, and in the last decade, colleges and universities have accounted for 15% of all data breaches, with over 15.5 million records exposed.
Additionally, the business sector – think large retailer breaches like Wendy’s, Target, and UPS – accounts for 45% of all reported data breaches.
Data Breach Costs Continue to Rise
The numbers don’t lie and the costs associated with breaches are painful to hear, let alone experience. Ponemon’s recent report on data breaches reveals a 23% increase in the average cost of a breach since 2013 – now at $3.8 million per data breach.
Data breach costs in the U.S. are the highest in the world, at $217 per record. But for some sectors, due to the large amounts of patient or client information that is stored in a business’s network, it is even higher as the data has a larger value and longer shelf life on the black market. The healthcare industry has the highest average data breach cost per record at $363, followed by the education sector at $300 per record.
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said his research team had identified three main reasons for the continued rise in the cost of data breaches.
“Cyberattacks are increasing both in frequency and the cost it requires to resolve these security incidents. Second, the financial consequences of losing customers in the aftermath of a breach are having a greater impact on the cost.” The third main reason provided was “more companies are incurring higher costs in their forensic and investigative activities, assessments and crisis team management.”
Breaches caused by a malicious attack via malware, ransomware or the like take an average of 265 days to detect. Once detected, they take another 82 days, on average, to contain.
Data breaches may vary by country, industry, cost, or by cause, but no matter where, why or how, they continue to happen. Once they do happen – ask any company that has suffered a breach – there is no quick fix.
Payment Encryption to Protect Education and Retail
In 2014, there were over 30 educational institutions that experienced data breaches. The leading cause – 60% of the breaches – was malware. Retail has suffered through many of its own high-profile malware breaches where point-of-sale systems were exposed, with clear-text cardholder data stolen and later sold on the black market.
At Bluefin, we advocate a holistic security approach for all retailers and educational institutions – to protect consumers, shoppers, parents, students and alumni. While EMV is a great new tool to authenticate the validity of the credit or debit card being used, encrypting customer and card data is a key solution to preventing malware attacks on any business that collects and stores customer and payment data. The two main technologies used to protect payment data are Point-to-Point Encryption (P2PE) and tokenization.
- P2PE protects data in motion. Card data is encrypted immediately upon entry in the point of sale terminal, whether the card is swiped or dipped. It then travels through the POS in encrypted form so that it is never available in the merchant system as “clear-text” card data. This means that if someone breaches a system, they get nothing – hence the term “devalue the data.”
- Tokenization protects stored card data. There are many reasons a merchant may need to store a credit card – great examples are keeping the card number on file for recurring or subscription billing or to keep the card as a payment option for a consumer when they come back to purchase with the same merchant. In every case, a merchant should always tokenize this card data in their system so that it is never “in the clear.” Tokenization replaces the card number with a string of meaningless letters and numbers – hence the term “devalue the data.”
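The tokenization bullet above, sketched as an added example (not Bluefin's code): `TokenVault`, `merchant_record` and the `tok_` prefix are hypothetical names, the in-memory vault stands in for a separately secured service, and the card number is the standard constructed test number.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
SAMPLE_PAN = "4111 1111 1111 1111"  # constructed test number, not a real card

def luhn_ok(pan: str) -> bool:
    """Luhn checksum, so malformed numbers are rejected before tokenizing."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 == 1 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """Hypothetical vault: the only place a token maps back to a card number."""

    def __init__(self):
        self._by_token = {}
        self._by_pan = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "")
        if not luhn_ok(pan):
            raise ValueError("not a valid card number")
        if pan in self._by_pan:  # card already on file: reuse its token
            return self._by_pan[pan]
        while True:
            # The token is random, not derived from the card number, so it
            # cannot be reversed without access to the vault itself.
            token = "tok_" + "".join(secrets.choice(ALPHABET) for _ in range(24))
            if token not in self._by_token:
                break
        self._by_token[token] = pan
        self._by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Vault-side lookup, used only when a charge is actually made."""
        return self._by_token[token]

def merchant_record(vault: TokenVault, customer: str, pan: str) -> dict:
    """What the merchant database keeps: a token and last four digits only."""
    clean = pan.replace(" ", "")
    return {"customer": customer, "card_token": vault.tokenize(clean),
            "last4": clean[-4:]}
```

A dump of the merchant's records yields only tokens and last-four digits; recovering a card number requires the vault, which is why the vault is the component that has to be isolated and access-controlled.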
Educational institutions and retailers that implement these types of solutions help instill consumer confidence and will most certainly make for a better “back to school” shopping experience for all.