In only a few short years, cybersecurity’s public perception changed from a standard practice to a required complex strategy. It is no wonder that 2015 is the year of data protection, especially considering how many merchants experienced data breaches in 2013 and 2014. Now, protecting customers payment card information is a full-time job for many retailers, as fears of cyberthreats continue to grow every day.
With multiple point-of-sale systems, mobile devices and the cloud becoming critical to businesses, merchants are rightfully worried about cybersecurity. The good news is that the Payment Card Industry strictly enforces guidelines and regulations in regard to data protection. This gives retailers some peace of mind since they commonly believe that adhering to PCI DSS is a guarantee of strong cybersecurity.
However, the PCI DSS sentiment could not be further from the truth. In fact, merchants should take those data security standards with a grain of salt, as they offer little in the way of complete protection. Instead, the PCI’s data protection guidelines and regulations serve retailers better when business leaders consider the requirements to be the bare minimum of accepted cybersecurity practices.
“If a retailer only complies with PCI DSS, it is still vulnerable to a number of threats.”
If a retailer only complies with PCI DSS, it is still vulnerable to a number of threats, as well as at risk of a data breach. The only solution is to integrate a new payment processing and security platform with capabilities that extend beyond the PCI’s guidelines. Of course, merchants need more evidence than that to even consider deploying a new security tool. So, here are four reasons why retailers need better secure payment processing solutions.
1. SAP is not secure enough
SAP and its enterprise resource planning platforms and customer relationship management systems are very popular among merchants, as they often provide a complete solution for managing payment card data and consumers’ personal information. However, despite the clear value of SAP ERP and CRM, those systems are not secure.
A recent Onapsis research study identified that over 95 percent of SAP systems are vulnerable to exploits that “could lead to full compromise of [a] company’s business data and processes.” Customer information and credit card security breaches stem from the most common attack vector identified by the source: Hackers move between SAP systems and corporate networks with the goal of infiltrating where the most important and valuable data resides.
It is easy to apply patches in a timely manner to prevent many of the vulnerabilities from leading to a data breach, but IT professionals need to always be alert and ready. Unfortunately, IT Business Edge reported that SAP data is often forgotten and left out of data protection processes, especially when extracting this data from an SAP system. With secure payment systems and security platforms that integrate with SAP environments, merchants can automate data protect and reduce this risk.
2. Encryption matters
The PCI Council quickly realized this year that encryption should be required whenever merchants store payment card data. However, not all retailers will go to these lengths to protect data, simply assuming that as long as no one infiltrates their corporate networks, data will be secure. Encryption isn’t only about protecting payment card security and personal information for Internet-borne cyberthreats.
For example, at the end of May, Forbes reported that Heartland Payment Systems experienced a data breach. This wasn’t the typical story. Instead of cybercriminals, actual thieves broke into the HPS office, stealing password-protected computers off desks. If those systems stored encrypted data, the company would be in the clear. However, the source posited that if that was the case, HPS would have made a statement indicating exactly that. Instead, the firm told clients that their banking data was compromised.
3. Customers care
Merchants need customers, and if protecting data for anyone, retailers should focus on the consumer. Information Age recently reported that one-quarter of global shoppers stated they were “skeptical” of e-commerce organizations that do not make their data security tools apparent during each phase of their brand interaction. The source highlighted that this means the difference between completing a transaction and abandoning it.
The result is obvious: By implementing cutting-edge secure payment systems, retailers can have data protection tools that they can boast about.
4. Data breaches are expensive
The costs to prevent a data breach are much lower than what merchants will face in the event of a cyberintrusion. A report from Ponemon Institute and IBM found that the cost of a lost or stolen record averages at $217. Depending on the size of a company, that spending plus the PCI DSS fees could cripple a business. Furthermore, the study discovered that data breaches typically cost anywhere between $5.9 million and $6.5 million in total.
Payment card security starts with the software to protect systems. Without a platform that integrates with SAP, however, businesses aren’t securing as much as they think. New cutting-edge secure payment processing solutions are required in 2015, and with those, merchants will avoid becoming the latest breach victim.