Security Intelligence recently reported that in 2018, the average cost of an enterprise data breach had officially surpassed $1 million, now growing to $1.23 million. These breaches are occurring more frequently, but thankfully, there are data protection tips that help ensure PCI compliance and prevent large-scale profit losses. Large corporations usually use enterprise resource planning (ERP) systems: business management software that integrates many applications into one network, including payment processing solutions. As you would probably imagine, it’s especially important for ERP systems to remain secure because of the high volume of business and customer data they handle, both in transit (being processed) and at rest (being stored).
Check out these quick insights below to make sure your ERP system is as secure as it can be:
Not all data is created equal. No one wants to be hacked - but if (and when) it does occur, it’s important to know there is a big difference between an attack on high priority data and one on low priority information. What is high priority data? It’s the data that, if exposed, would cause the greatest damage. Some examples include credit card numbers, security codes and any other personally identifiable information that can be traced back to cardholders. Obviously, the effects of a cyberattack on high priority data can be much more detrimental, so it’s important to have a very in-depth understanding of the best practices for protecting that data.
PCI compliance is not enough. First, what is PCI compliance? PCI compliance refers to the Payment Card Industry Data Security Standard (PCI DSS), the guidelines implemented by the major card brands to make businesses protect the sensitive data they collect from customers when processing their credit cards for payment. Although it’s a requirement for all companies to remain compliant with PCI standards, this should only be the beginning for businesses dealing with high priority data. The standards are a good baseline, but it’s important to be prepared for innovative criminal attacks that they may not yet consider. Luckily, there are other security measures companies can adopt to further secure data past PCI compliance guidelines - bringing us to helpful enterprise payment security tip number three.
Tokenization is key. There are a few key technologies that allow you to move beyond compliance and implement more security with less effort. Tokenization is one of those technologies because it allows you to remove your ERP system from the scope of PCI audits by replacing high priority data (within the walls of your network) with valueless tokens.
Tokenization is not encryption. Many people believe tokenization and encryption are essentially the same security technology. They are actually two different solutions, but both processes work together to protect cardholder data. Point-to-point encryption (P2PE) works by encoding sensitive information using an algorithm that protects the data collected during card-present transactions. Tokenization is particularly protective of card-not-present transactions like those processed via online shops. The tokens created during this process are not derived from their original value – they are based on randomized numbers. This means that even if a data breach does occur and tokens are stolen, the thief will never be able to derive the original credit card number from them.
When it comes to securing high priority data, it is better to be proactive than reactive. When a company is reactive, it’s usually because the business failed a PCI audit, or worse, has experienced a breach. In the latter case, the organization must find the most immediate resolution to minimize negative outcomes like executive-level firings, loss of customer trust, fines and a massive reduction in profits.
If you’re interested in learning more, our Director of Enterprise Sales, Mark Cuneo, participated in a FinTech Hotseat, a 15-minute Q&A video series hosted by Strategic Treasurer, a leading treasury consulting firm based out of Peachtree City, Georgia, to talk about protecting high priority data. Check out the video below.
If you’re ready to get a conversation started, just fill out the quick form below and we’ll get in touch.