Cyber Attacks: Preparing and Protecting Your Business
Cyber security threats are continuously on the rise. The rising tide of cyber crime has pushed spending on information security, a subset of cyber security, to more than $86.4 billion in 2017, according to Gartner. By 2021, cyber attack damage costs will hit $6 trillion annually, up from $3 trillion in 2015, as reported by CSO.
According to Cybersecurity Ventures, cyber crime will triple the number of cyber security jobs needed, resulting in an expected 3.5 million jobs by 2021. Each IT employee will now need cyber security responsibilities included in their position.
Hackers are moving quickly to outsmart companies and their systems, which brings us to the very obvious, yet necessary, question: how do we improve security? The increased acceptance of EMV technology throughout the country is heralded as a saving grace. While EMV is an effective measure for reducing card-present fraud, chip cards do not entirely prevent potential hackers from carrying out a harmful data breach. So, what else should be done? How do we protect credit card holder information no matter the payment method?
Do not neglect your POS system security. Merchants need a combination of point-to-point encryption and tokenization — a level of protection that not only keeps customer information safe, but can significantly reduce PCI compliance scope (and costs) for businesses.
Now, let’s talk about what this combination really means. Point-to-Point Encryption (P2PE) is a payment security solution that guarantees the strongest encryption protection for card-present transactions at the point of sale, like those completed with terminals and mobile devices, as well as key entry transactions. Many POS security experts will tell you that POS devices are typically where you’ll find the highest volume of vulnerabilities to data breaches, including credit card data breaches.
To ensure cardholder data is truly being protected from the point of entry at a store all the way to the bank, it’s important to use a PCI-validated P2PE solution. For more information on P2PE, check out this video from the PCI Council.
Just as P2PE is important for payment hardware, tokenization is the preferred security solution for online transactions. Tokenization is an irreversible mathematical process of substituting sensitive credit card holder information with non-sensitive equivalents, or tokens, that would have absolutely no meaning to a hacker if they were to break into a system. For e-commerce, if payments are integrated into a website or application, a tokenization solution protects all areas where a customer enters sensitive data.
Don’t forget to check your network security regularly. A network firewall could be an important part of ensuring the next data breach isn’t yours. Setting up firewalls between network segments is also a required part of maintaining compliance with PCI DSS. Using a firewall will help keep sensitive data separate. Once the firewall is set up, monitoring its event logs will make sure everything stays secure.
For more information on tokenization, Gartner released a report — Market Guide for Merchant / Acquirer Tokenization of Payment Card Data — outlining the advantages of tokenization and notable vendors. For information on CardConnect’s secure payment processing of CardSecure P2PE, click here.