Up until recently, business leaders have often thought that security breaches happen elsewhere. Whether it’s confidence in their current security teams, the fact that they may not do any selling online, or the idea that their business is too small to warrant cyber-criminals’ attention, many executives today have a “it’ll never happen to me” attitude towards data breaches.
In addition, currently many executives are misinformed about where cybersecurity liability sits—or whose responsibility it will be soon, given the shift in fraud liability that will take place in the fall of 2015.
Whether it’s over-confidence or simple ignorance, the fact of the matter is many executives today are unaware about their risk level for a data breach, and should probably be more concerned.
While the buzz about data breaches at major retailers has been a near-constant bug in the ear of most large-scale business executives for most of the year, many regional and smaller business leaders have only recently started to think about data security and protecting their customers’ transaction data. As each breach has made headlines, immeasurable damage was done to these companies’ reputations–not to mention their bottom-line.
The fact is, most of these breaches that made headlines were probably preventable.
They say an ounce of prevention is worth a pound of cure, and nowhere else does this saying ring more true than when it comes to data security. Had each of these headline-making companies taken additional security measures perhaps they’d have been able to prevent the immeasurable damage to their companies’ reputations.
In each of these cases, with the simple addition of a multi-layered data protection program, including a tokenization process, transaction data could be rendered worthless to malware and cyber-criminals, making any attempt at a data breach a fruitless endeavor.
As these increasingly visible breaches occur, national and regional retailers are recognizing that the need to protect customer transaction data is very real. With each breach and its corresponding headline, executives are starting to realize the value of a true “end-to-end” data security solution, prioritizing data security at the top of their ‘to-do’ lists for 2015.
But how does an executive choose a solution? Just what should one look for when vetting a cyber-security partner to assist with guarding your very-important customer data?
What to seek in the right solution
Considering First Data’s TransArmor solution has protected over 4 billion transactions, we’ve come to learn what it takes to create a successful cyber-security partnership with our clients. When considering how to best augment your efforts to keep your business and customers’ data safe, keep in mind the following when vetting a potential data security partner:
- Encryption and Tokenization
To fully protect against the adaptive behavior of malware and cyber-criminals, an end-to-end solution that protects at greatest points of vulnerability in the payments stream is required. Data encryption and tokenization renders transaction data worthless while in the payment stream, and helps protects customer data while it reaches its ultimate destination.
- Fraud protection and EMV-Ready
Find a partner that brings an eye towards the future, helping your business prevent fraud using current methods and those afforded by EMV protection. According to new requirements set by the major payment network brands, liability shifts from card issuers to merchants in October, 2015, so a provider that incorporates EMV® protection is essential. A strong service provider is already aware of this pending shift, and can help your business certify to EMV standards.
- Online and In-store protection
A strong partner will take a holistic approach to data security, ensuring that whether your transactions are conducted online or in-store, their approach is a multi-layered, end-to-end solution.
- The Right Partners
Data security is a partnership, and all parties who touch a transaction must participate. A strong data security solution provider recognizes the power of collaboration with those in the industries who know and understand data security, and live these challenges every day. They also help merchants realize the vital role that they play in their own data security, and suggest the right business controls. At all levels of the transaction, data security has to be a collaboration between all parties, so ensure that any security partner you choose plays well with others.
- Service and Support
The right partner will be there for you when you have questions, large or small, about any aspect of your customer transaction security program. Security is more than protecting the payment stream; it’s about having the expertise, know how, and tactical execution capabilities to confidently protect the relationship you have with your customers should your company’s data stream or storage ever be targeted.
The Right Partner
Whether your company was an early adopter of security technologies, or is beginning the search for enhanced transaction data security protection, times have changed, and so have the technologies available. In addition, standards have been enhanced and liabilities shifted, so it’s important that in 2015 you make the right choice in data security solution partners and seek an end-to-end solution that includes encryption and tokenization.
We know your business cares about its customers, and is already doing many of the right things to help keep customer data protected. As you think about data protection, be sure to look for ways for you and your cyber security partner to “re-insure” your efforts with an extra layer of security protection that augments your existing program, so you can know for certain that you are taking every possible measure to protect your business – and customers – in a world that demands payment security vigilance.
Paul Kleinschnitz is the Senior Vice President /General Manager of First Data’s Global Security Solutions unit, working with national retailers, regional chains, and small businesses to create data security solutions that protect the reputations of the businesses First Data partners with and the customers that they serve. You can find him speaking frequently on cybersecurity issues at conferences and events nationwide, as well as on Twitter @kleinpa .