As we approach the holiday shopping season, consumer trust in merchants, especially the retail industry, isn’t as high as it could be when it comes to protecting consumer credit card data. A new study by First Data found that the retail industry ranked among one of the least trusted types of businesses with just 8% of consumers trusting this group in the 2018 Consumer Cybersecurity Study.
In addition to the retail industry, the food service and petroleum industries were also ranked among the least trusted businesses with 8% and 4% of consumers in the study trusting this group, respectively. Among the most trusted businesses are financial services (46%), healthcare (39%), and insurance (30%) companies.
Hope isn’t lost for retailers in restoring consumer trust. Retailers and other merchants can choose safe and secure payment solutions to help restore confidence. As EMV adoption has proven slower than some would like, security of merchant data can run a greater risk of being compromised. Retailers can choose to make their payments secure to give shoppers peace of mind that their data is safe while they shop.
Here are some ways to ensure your business procedures and payment processes are helping you gain trust among customers, thus preventing the chances that your business gets breached.
1. Tokenize cardholder data: It is recommended by the PCI Security Standards Council to use payment data solutions like tokenization and point-to-point encryption (P2PE) that provide strong, modern encryption. Tokenization is a process that exchanges sensitive data, like a credit card number, with a valueless token that criminals can’t use. It won’t keep a hacker from breaching a system, but it drastically reduces its impact.
2. Implement P2PE technology: P2PE is a solution that protects sensitive data with encryption from the moment it is captured through its full lifecycle. Applying P2PE technology for credit card transactions eliminates the impact associated with hacking attempts like device skimming. When tokenization is combined with P2PE, merchants can prevent the use of sensitive data for fraudulent activity if their business is breached.
3. Conduct risk assessments: Putting together a risk management program will help you decide which areas to focus on to close your biggest vulnerabilities. At least once a year, conduct this assessment (or work with a security consultant to help you).
4. Have a plan: Everyone should have an incident response plan to control the situation during a breach. While running a modern business, nothing is 100% hack-proof and no one wants to think about this but it’s essential. Having a plan helps you communicate effectively to your customers, take the right actions quickly, and ultimately lessens the impact of the breach.
5. Run system updates: Applying updates and patches is crucial in keeping systems safe from the would-be attackers. Regularly checking for updates and patching vulnerabilities early must happen to keep systems safe.
6. Monitor your systems regularly: Daily scans and regular monitoring of data, networks, and devices are mandatory for protecting against hackers. A merchant will be much better off if they can detect malware after just one day, compared to malware that’s been living on a system for longer.
7.Reduce employee access to sensitive data: How many employees really need access to the business data? Review who currently has access and keep it to the fewest number of employees. If they don’t need it to do their job, they don’t need access.
8. Remove data you don’t need: The less data you keep on your system, the less chance you give criminals to steal it. Archive data you might not need daily, but still need to be accessible. Protect networks by ensuring they are isolated and behind firewalls. This also applies to paper documents. While most attacks come in a digital form, physical data is still vulnerable.
The threat from hackers continues to evolve. First Data’s 2018 Consumer Cybersecurity Study points out that it’s up to merchants to stay up-to-date with technology advances by implementing technology solutions and best practices that keep consumer data safe and secure. A vigilant and proactive merchant in data security will gain trust from their customers and ultimately mitigate attacks.