Data Breach Prevention: Lessons for Point-of-Sale Software
There’s little doubt that data breaches are an increasing threat for businesses and consumers. We often hear about a major data breach which leaves the personal information (such as credit card numbers, phone numbers or social security numbers) of millions of consumers exposed and vulnerable. According to a report from the Identity Theft Resource Center, there were 1,579 data breaches in 2017, an increase of over 44 percent from 2016.
With breaches on the rise year after year for large enterprises and software companies, it is important to understand how to protect your business from data breaches and other cyber security threats. Below we explain PCI compliance, network security, and the steps that prevent data loss or theft; understanding them will also help you pick the right payments partner.
How can my organization prevent data breaches?
Preventing data breaches is an ongoing and evolving process. The PCI SSC recommends six ‘security milestones’ as a basis to help organizations and merchants stay protected from data breaches:
1. Remove sensitive authentication data and limit data retention.
If your organization doesn't require the data, then reduce the risk of a breach by choosing not to store it.
2. Protect systems and networks, and have a data breach response plan.
Put controls in place for points of access, and have a process in place to respond to a data breach.
3. Secure payment card applications.
Ensure any applications meet stringent security requirements, as weaknesses allow hackers to compromise systems and access sensitive data.
4. Monitor and control access to your systems.
Identify who is using your payment network, including the actions they are authorized to perform.
5. Protect stored cardholder data.
Implement protection mechanisms such as tokenization to anonymize identifiable or sensitive information.
6. Finalize remaining compliance efforts.
Complete PCI DSS requirements and confirm all related policies and procedures required to protect cardholder data.
Following any one of these steps in isolation will not provide the comprehensive security required to protect organizations from data breaches, but taking the milestones in their entirety provides a strategy and roadmap for maintaining high levels of data security.
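As an added example (not from the article or from any payments vendor), the following Python sketch shows milestones 1 and 5 applied inside a point-of-sale application: sensitive authentication data is discarded before anything is persisted, and the PAN is swapped for a random token so that a stolen POS database yields only tokens and last-four digits. The in-memory vault, the field names and the sample card are assumptions.

```python
import re
import secrets

# Added example, not from the original article: an in-memory token vault that
# applies milestones 1 and 5 to a card presented at a POS terminal. A real
# vault lives in a separate, PCI-scoped service, not in the POS process.
PAN_RE = re.compile(r"^\d{13,19}$")
SAD_FIELDS = ("cvv", "pin", "track1", "track2")  # sensitive authentication data

def luhn_ok(pan: str) -> bool:
    """Luhn checksum; rejects mistyped PANs before they reach the vault."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


class TokenVault:
    def __init__(self) -> None:
        self._pan_by_token = {}  # the only place a PAN is kept

    def tokenize(self, card: dict) -> dict:
        """Return the record the POS database is allowed to keep.

        CVV/PIN/track data are dropped (milestone 1) and the PAN is replaced
        by a random token that reveals nothing about it (milestone 5).
        """
        pan = card["pan"].replace(" ", "")
        if not PAN_RE.match(pan) or not luhn_ok(pan):
            raise ValueError("malformed PAN")
        token = secrets.token_hex(16)  # random, not derived from the PAN
        self._pan_by_token[token] = pan
        return {"token": token, "last4": pan[-4:], "expiry": card["expiry"]}

    def detokenize(self, token: str) -> str:
        """Recover the PAN; only the payment service should call this."""
        return self._pan_by_token[token]


def safe_to_store(record: dict) -> bool:
    """True if a record holds neither a PAN nor sensitive authentication data."""
    if any(f in record for f in SAD_FIELDS):
        return False
    return not any(isinstance(v, str) and PAN_RE.match(v.replace(" ", ""))
                   for v in record.values())

# Constructed sample swipe, including data that must never be stored.
SAMPLE_CARD = {"pan": "4242 4242 4242 4242", "expiry": "12/29", "cvv": "123"}
```

Running `safe_to_store` over every record before it is written is a cheap guard that catches a developer accidentally persisting the raw swipe.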
How do data breaches occur?
Data leaks occur when a criminal hacker or entity gains unauthorized access to a system containing sensitive or protected information. The sensitive data could be any identifiable information, ranging from a debit card number to healthcare records. The breaches are usually a consequence of lax security, system glitches or human error.
How can my software business stay protected from a data breach?
There are rules put in place by the credit card brands to help businesses in the fight for data protection. Observing the PCI Data Security Standard (PCI DSS) is something any business accepting credit cards must do, or they could face fines - or worse, a data breach. The average cost of a data breach was $3.86 million, with Americans experiencing the highest per capita cost at $233.
There are 12 main requirements detailed by the PCI Security Standards Council (SSC). Its guide can be used both by those that undergo an on-site assessment and by those that use the Self-Assessment Questionnaire (SAQ D).
Networks can be built with security in mind from the start, so it’s important to think about segmentation right off the bat. Segmenting your network keeps the segments from talking to each other, so that if a criminal hacker succeeds in getting access to one segment, the separation helps keep the other segments protected. Segmentation will also reduce your PCI audit scope.
If you have any doubt about navigating PCI compliance, there are Qualified Security Assessors (QSAs) who can help you understand the complex and ever-changing requirements. QSAs are trained by the PCI SSC to conduct assessments of how credit card data is handled. They can help with even the biggest compliance requirements to ensure you stay protected.