As cybercriminals search for another ‘bebe’ this holiday shopping season, it is likely that your credit card information system will become an easy ‘target’. The persistence and sophistication of hackers seem to be winning against the intentions and strategies of businesses to protect credit card information. The fraudsters’ success list is becoming embarrassingly long, with the latest being BeBe Stores Inc., a chain of 200 women’s fashion apparel stores in the US, after million-dollar credit card data thefts involving Target, Neiman Marcus, Home Depot, Staples, UPS, Michaels, P.F. Chang’s, LaCie and many more.
Menacingly, the challenges associated with secure storage and transmission of credit card details are complex in nature, and businesses are deploying evolved solutions. Attackers are also increasingly turning their focus to smaller businesses, disrupting operations, profitability and reputation. These enterprises are often caught unaware of security requirements and try to gain confidence from a mistaken belief that breaches are targeted only at larger businesses. While the US is the champion of credit card fraud, Europe is catching up, with 2013 fraud losses showing a 6.2% increase, touching $2.1 billion.
The situation for businesses, already fighting stiff competition amidst thin margins, is getting tricky as empowered consumers are keeping track of the organizations that fail to handle their data adequately. According to a survey conducted among 865 US consumers by Princeton Survey Research Associates International for CreditCards.Com, 45% of consumers would surely or probably avoid a store over the holidays if it had experienced a data breach. Sixteen percent of respondents would surely avoid such stores, while 29% would probably not shop at them.
According to KPMG’s 2014 Holiday Shopping Survey, growing mistrust relating to the security of personal information is expected to negatively impact holiday buyer behavior. The November survey of approximately 1,400 US consumers found that more than half of customers are either unsure or not confident at all in information security both in-store (58%) and online (63%). While businesses increase investment during the shopping season to grab consumer attention, overall spending is expected to be relatively flat.
The change in consumer confidence should come as little surprise, as 744 breaches have occurred as of December 17, a leap of 25% over the same time period in 2013. However, businesses can ill afford to be only reactive in their approach, especially after an estimated $4.1 billion expenditure on information security this year seems to have done little to prevent adverse events. The PwC survey suggests the amount spent could increase by $2 billion in 2017.
However, we believe that while increased spending is a much-needed boost, it is far from being the sole remedy. As hackers gain the expertise to ape the actions of actual buyers and limit businesses’ ability to detect intrusion as they steal credit card data, businesses need to adopt technical, procedural, and personnel-related strategies to protect that data.
Expect, protect proactively, detect early and respond sooner: To gain access to important information as valuable as credit card details, attacks are executed in increasingly clever and enhanced ways. Expect a malicious attack round the year in general, and before and after special occasions in particular. Remember the Target breach took place as the shopping season ripened! Believe that your business may not be much safer this holiday shopping season.
The resultant vigilance will help in protecting systems against breach attempts. Where prevention fails, a proactive information security strategy will enable early detection, which will ensure that the exposure is not too damaging. While early detection protects against business-threatening consequences, it will also facilitate an early response to sustain business continuity in a risk-intensive world.
PCI Compliance: Adhering to the important steps of an effective PCI DSS assessment significantly improves the prevention of card security breaches. The broadened mandates – which now cover big corporations as well as small businesses – will facilitate meticulous identification and elimination of any existing deficiencies in security practices relating to credit card use. The simplest way is to seek support from an evolved system designed to optimize work efficiency for compliance with the PCI DSS 3.0 and ISO/IEC 27001:2013 standards.
Safer card practices: However, implementation of PCI guidelines has its own challenges, which range from the transition to an upgraded version to the accountability for assessors. Therefore, businesses need to efficiently implement safer card practices, including upgrading point-of-sale systems for chip-and-PIN credit card usage, end-to-end encryption, and an enhanced authentication process.
As businesses move ahead to fulfill demands from cautious consumers who seek convenience and quality with the assurance of protection, even as cyber-thieves use complexity and sophistication to gain access to credit card data, businesses must scrutinize their systems and processes with unconditional precision. While increased detection and announcement may only amplify the count of breaches in 2015, the immediate job at hand for businesses is to avoid a credit card breach during the Christmas shopping season.