In today’s world, it seems as though it’s another week, another data breach. We talk a lot about cyber security, specifically in terms of protecting your payment information. But the truth is, all of the security in the world can’t stop data breaches. We’ve said it time and time again: it’s not if a hack will happen, but when.
Cyber crime has become incredibly sophisticated. Gone are the days where hacks were mere acts of petty vandalism. Today, they are full-fledged operations that are incredibly detrimental to companies and individuals.
Today’s hackers are fueled by economic incentives and are constantly developing new tools and skills that make breaches more frequent and catastrophic. Just look at some of the most recent breaches for proof: the Ashley Madison hack revealed personal information of 32 million users, and the U.S. Government breach compromised more than 21.5 million social security numbers. That’s just scratching the surface — think Anthem, Sony, Home Depot, Target… the list goes on and on.
It’s a new (and frightening) dawn of data breaches. Combine the sophistication of cybercrime with outdated and incomplete security measures, and it’s a recipe for disaster. In general, businesses too often enact security measures that only offer perimeter defense, like in the case of the Office of Personnel Management (OPM) breach. This makes your business an easy target and is something SMBs fall victim to too often. It’s not always about the data you have — it’s about how easy it is to get. If you aren’t prepared to be hacked, if you’re still in the mindset that hackers don’t want your information, you can count on a data breach.
What Can Merchants Do?
So we know that hacks are bound to happen due to the advanced level cybercrime has reached. Does that mean the situation is hopeless? Thankfully, no. Even if someone enters your system, there are still plenty of measures you can take to protect your business’s data. It all boils down to multi-layer security, which is a must in today’s world. Here’s what it looks like in action:
EMV has been introduced in the U.S. to authenticate physical credit and debit cards, as well as the user of those cards, in the retail environment. The new “chip” on cards makes it much more difficult for a fraudster to duplicate your card and use it in a retail environment to most often buy high-priced goods like electronics and gift cards that can then be resold for cash. But EMV *only* addresses transactions where a card is present and can be “dipped” into the EMV terminal. It cannot authenticate users who shop online or even purchase goods over the phone (like in a call center) because the card is not present in those environments. It is not a face to face transaction where the merchant can physically see the card being used.
EMV also does not address the protection of credit card data either in transmittal (for example, from the terminal through your point of sale and to the processor) or in storage (for example, credit cards kept on file for subscription or recurring billing). One of the primary issues with the major breaches is that once into the point of sale system, thieves found unencrypted credit card data. As discussed in the wake of the Target breach, EMV would have done nothing to prevent hackers from infiltrating the system and finding the data.
The key is to make data useless to hackers – whether credit card data or personal data, like social security numbers. Technologies like tokenization, which eliminates the need for card data to be stored, and PCI-validated point-to-point encryption, which encrypts cardholder data at all points of the transaction, are two primary and necessary technologies to fully protect data because they render data useless.
Yet as we’ve seen before, even advanced measures such as encryption are not enough if hackers have valid login credentials. Which is why it is paramount to not only have strong user names and passwords but to also feature two-factor authentication in order to fully protect systems.
In today’s world, “hack-proof” might not be achievable. But that doesn’t mean you have to hand over precious data. Protect your business and consumers by taking a multi-layered, holistic approach to cyber security. Contact us today to learn more and get started.