In today’s world, customers expect to shop and check out at a pace that suits their busy schedules. As a result, most retailers have invested in electronic purchasing options such as point of sale (POS) systems with credit card transaction capabilities. Retailers should be prepared to handle credit cards in a secure and efficient manner. However, smaller businesses such as independent retailers are more vulnerable when they open up their POS system to electronic purchasing options. They are constantly under siege from malware, hackers and credit card fraud. Verizon Inc. recently reported that over 60 percent of the security breaches that occurred in 2010 were within companies of 100 or fewer employees. Moreover, about 95 percent of credit card fraud occurred with smaller customers.
Defense Against Retail Security Breaches
Visa, with the help of its Security Sense program, offers ideas specifically for retailers looking to defend themselves from security breaches:
1) Keep track of exactly what type of sensitive data you collect and store, such as names, addresses, identification information, payment card numbers, bank account details and Social Security numbers. Think carefully about what data you actually need, and do not store sensitive data you can do without. For example, never use credit card numbers as ID numbers in a customer loyalty program. Retailers should never store the “full track” of magnetic swipe data, the card validation value, or user PINs.
2) Make sure you are using secure services and tools that have been validated as adhering to industry standards. Use verification services that make sure the purchaser has the correct billing address and is physically holding the card.
3) Keep your payment system and data isolated so that only those employees who need access can gain access. Eliminate remote access if you can, and make it secure otherwise.
These are important steps to take when protecting customer data, but as a small business owner you already have enough to worry about, including PCI compliance. Payment Card Industry (PCI) compliance is a complex and ever-evolving subject affecting millions of businesses, including acquiring banks, Independent Sales Organizations (ISOs), and ecommerce and retail merchants. You may think a simple security checklist will keep you and your customers protected, but as PCI Compliance Guide columnist Joan Herbig writes, “Hackers are experienced professionals who have learned successful methods of breaking into your company, stealing your cardholder data, covering their tracks, selling the data in an online marketplace, and subsequently ruining your customer relationships, reputation, and brand name recognition. Everything your company spent so much time, energy, and money building can be gone between the time you went to bed and wake up in the morning.”
The 2011 Data Breach Investigations Report states that 86 percent of breaches were discovered by a third party, so chances are you won’t know about a breach until months later, when a customer reports the theft of their credit card or identity. That is why system management appliances equipped to accelerate PCI standards and increase security within a POS system are becoming increasingly popular. Systems management support is a critical piece of the security puzzle.