Sensitive and valuable customer data is constantly flowing through your IT systems. The very existence of this data can put your business – and your customers – at risk from fraud unless you take steps to protect it.
If security is breached, criminals can rob your business of its reputation, steal your customers’ trust and expose you to significant legal and financial liabilities.
Mitigating the risk
There are many simple, yet critical, steps you should follow to keep all customer data safe. Visa Europe is at the forefront of defining standards for emerging technologies that can help make you more secure – and therefore less attractive to criminals.
Retailers top fraudsters’ hit lists
Today’s fraudsters bear little resemblance to the ‘chancer’ image of old; they are organised, geographically dispersed and highly sophisticated. While innovations like chip and PIN cards have helped bring down overall fraud, criminals have shifted their focus to wholesale data crime. They are intent on compromising systems to obtain sensitive account data and use it to carry out fraudulent transactions, either face-to-face or online.
Many retail businesses routinely store the large volumes of account data coveted by fraudsters. Fraudsters are seeking ways to exploit retailers which have not done enough to secure their customers’ data. And research by Cybersource shows that they continue to succeed at infiltrating retailers’ systems and are skimming an average of 1.8% from retailers’ income.
Protecting your Customers
The Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive set of requirements for enhancing payment account data security. Carefully following these standards helps retailers guard against the threat of data compromise, but achieving this can be a complex process.
Visa Europe Leadership
Recent analysis from Visa Europe and others suggests that the majority of data breaches are a direct consequence of two particular types of vulnerability: gaining access to retail systems using vendor-set default logins, and SQL injection attacks. Visa Europe has recently published several guides to help retailers secure cardholder and account data, including information on how to mitigate the risk of compromise due to SQL injection and default passwords. We strongly encourage retailers to take action against these vulnerabilities as a priority when working towards PCI DSS compliance.
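To make the SQL injection point concrete, the following is an added illustration (not code from Visa Europe or from the guides referred to above). It assumes a hypothetical order-lookup function in a retail back office and uses a small constructed SQLite table with masked card numbers. It places a lookup that builds its query by string concatenation beside one that binds the customer name as a parameter, which is the control the PCI DSS guidance is pointing at: with parameter binding the input can never alter the structure of the query, so the same malformed input that makes the first function return every stored record makes the second return nothing.

```python
import sqlite3

# Constructed sample rows for the demonstration; the PANs are masked placeholders,
# not real card data.
SAMPLE_ROWS = [
    ("ORD-1001", "alice", "4111********1111"),
    ("ORD-1002", "bob", "5500********0004"),
    ("ORD-1003", "carol", "3400********0009"),
]


def build_db():
    """Create an in-memory orders table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (order_id TEXT, customer TEXT, masked_pan TEXT)"
    )
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, customer):
    """Hypothetical lookup that splices user input straight into the SQL text.

    Whatever the caller passes becomes part of the statement, so a value
    containing quotes and SQL keywords changes what the query means.
    """
    sql = (
        "SELECT order_id, masked_pan FROM orders WHERE customer = '"
        + customer
        + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, customer):
    """Same lookup with the value bound as a parameter.

    The database driver sends the statement and the value separately, so the
    input is only ever compared against the customer column and can never be
    interpreted as SQL.
    """
    sql = "SELECT order_id, masked_pan FROM orders WHERE customer = ?"
    return conn.execute(sql, (customer,)).fetchall()


def compare(customer):
    """Return (rows from the vulnerable lookup, rows from the safe lookup)."""
    conn = build_db()
    try:
        return (
            len(lookup_vulnerable(conn, customer)),
            len(lookup_parameterized(conn, customer)),
        )
    finally:
        conn.close()


if __name__ == "__main__":
    # A genuine customer name: both lookups agree.
    print("alice:", compare("alice"))
    # A malformed value: the concatenated query matches every row, the bound one none.
    print("malformed:", compare("' OR '1'='1"))
```

The lesson for a retailer working towards PCI DSS is in the second line of output: the concatenating version discloses all three stored records, while the parameterised version behaves as intended. Reviewing data-access code for string-built SQL, and replacing it with bound parameters, is one of the cheapest and most effective checks a developer or supplier can be asked to carry out.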
In addition, Visa Europe is working together with the broader payments industry to help define emerging technologies that offer a straightforward way to simplify and achieve PCI DSS compliance.
These include data field encryption, which eliminates the availability of clear-text data in the retail environment and ensures that only encrypted data is transmitted and decrypted at its destination. Visa Europe has taken the step to publish the industry’s first specification for data field encryption solutions.
Together, these guides and specifications will help you find out more about the steps you should take – and the disciplines you should expect from your suppliers and developers – to secure your customers’ data.
The guides can be downloaded from: http://www2.visaeurope.com/merchant/ais/resourcesanddownloads.jsp