We constantly hear the term “data breach”, but what does it mean? The Identity Theft Resource Center (ITRC) defines a data breach as an incident in which potentially sensitive information, such as an individual name plus other identifiable personal information, is put at risk.
The ITRC tracks data breaches weekly and since 2005, there have been over 4,000 breaches; 619 breaches impacted over 57M records in 2013 alone. Data on the move is at the top of the list of primary causes of breach.
For retailers, the narrative is only growing. Based on the Trustwave 2013 Global Security Report, retailers were top of the list for 2013: there has been a 45% increase in data breach investigations related to retailers.
So how do retailers battle the endless stream of potential data breaches, protect their brand integrity and keep their names off the front pages of the news outlets? We advise them to implement a layered approach and address all of their consumer payment channels. The following are technologies that can be used to secure payment information throughout the lifecycle of a payment:
• Point-to-point encryption: Point-to-point encryption helps provide the private card data of consumers the same level of protection the industry has been using for decades to secure PIN number information. The ability to secure payment information from the card swipe forward is critical for retailers that accept payments in a brick and mortar environment.
• Secure Payments Page: This technology addresses the eCommerce channel, allowing retailers to protect the payments information coming from the fastest growing segment of many retail businesses. By providing encryption, tokenization and industry services like 3D Secure, a retailer can reduce the exposure through this channel.
• Tokenization: Tokenization gives retailers the ability to configure their platform to return a token value to the store system, as opposed to echoing back sensitive PAN data. This helps mask and protect the sensitive payment data being sent via the various payment transactions paths a retailer may use. Tokenization provides protection of payment data “at rest”, supporting the business processes that need to happen after authorization has taken place, such as settlement, customer service, order fulfillment, refunds and disputes, and chargebacks.
• Network segmentation: Network segmentation confines data to a private, protected network and provides an additional layer of protection. It helps reduce the scope and costs associated with PCI compliance and drives down your overall exposure by keeping payment data isolated from servers and networks that support all of the other business functions.
The bad guys are out there to find ways to penetrate store systems. It’s up to retailers to confront this reality and protect their storefronts – digital and physical.