With every new innovative technology launched, hackers are waiting to learn and create new ways to break into systems to steal data. The Nilson Report states the payments industry can expect $31.3 billion in global card losses in 2018, which represents an 18 percent increase every year since 2013.
Data breaches have only gotten more severe since the first recorded digital attack in 2005, when DSW Shoe Warehouse was compromised and hackers stole 1.4 million credit card numbers. The Privacy Rights Clearinghouse states that in 2005 alone, 136 data breaches were reported. However, data breaches existed long before that, when paper files containing personal data were compromised.
More recently in 2017, the Equifax data breach affected more than 143 million people (the total grew through March 2018 to over 148 million affected). Records stolen included credit card information, driver’s license information, Social Security numbers, dates of birth, phone numbers, and email addresses. If Equifax had used well-known best practices in security, routine security reviews, and internal controls, this breach might not have happened.
From 2005 until now, more than 8,790 data breaches in the U.S. have been made public, with more than 11 billion individual records breached. Hackers used to focus on card-not-present transactions, but now they are learning workarounds to beat new payment protection solutions like EMV. Sometimes, even human error within the business can cause data to be misplaced or given to the wrong people. A Ponemon Institute Research Study cites the three top causes of data breaches today as 47% malicious or criminal attack, 28% human error, and 25% system glitch.
Here are some ways to make sure your business is well-equipped so the worst doesn’t happen.
A risk management program will examine each aspect of your business and allow the security team to understand where the biggest vulnerabilities are. All key stakeholders should be brought together once a year to discuss areas for improvement.
If the worst happens, communication and preparedness are everything. Be ready just in case with a solid incident response plan. If a data breach does occur, the priority should be mitigating the impact of the breach. A plan, in addition to a comprehensive security program, is the goal.
Never ignore a software update or a notice to change a password. Updates for software and apps keep everything running as well as possible, and they patch new vulnerabilities.
The PCI Security Standards Council recommends using payment data solutions like tokenization and point-to-point encryption (P2PE) that provide strong encryption. Merchants using true P2PE solutions ensure the payment transaction is encrypted from the moment payment is made with a card and throughout its full lifecycle. Tokenization replaces card data with unique tokens that are useless in the event of a data breach.
Educate employees on the risks of data breaches and how easily ID theft can affect customers’ lives (and even their own lives if it were to happen to them). Encourage everyone to be watchful and report anything that doesn’t seem right, whether it be with the point-of-sale system during a transaction or even a computer running slowly or not operating correctly.
The effects felt by identity theft victims may never go away. The Identity Theft Resource Center’s Aftermath 2017 Survey says that 38% of ID theft victims say their ability to get credit cards was affected; 21% had collection agencies call them about fraudulent accounts; 16% say they were unable to open a checking or savings account; and 14% say the interest rate on their current credit cards increased. And 3% declared bankruptcy due to identity theft.
Consumers put their trust in businesses every time they share their personal information or credit card information. Today, merchants must place even more emphasis on becoming more innovative, vigilant, and smarter than the scammers as data breaches continue to evolve.