Should I Be Scared of the Cybersecurity Threats I Hear About Every Day?
Author: Sean Berg, Shift4 Payments
In the world of cybersecurity, fear has become a very normal emotion. If you are not scared of having your business or customer data stolen then you are not paying attention. Cybersecurity is now a business issue instead of a technology issue that can be tackled by the IT department as it was years ago. Companies find themselves under extreme pressure to keep their information safe as they watch hackers steal information from major organizations. At this point, there have been almost 10 billion incidents of a data breach since 2013. That is more data breaches than people living on this planet.
Attackers and tools for data theft continue to evolve faster each month and cyber hackers are becoming masters of market manipulation. Protecting against these risks is more than just a piece of software, it is now necessary to become a frame of mind. Every company is vulnerable regardless of their industry, size, or resources. This is not the time to think about convenience as it could be at the cost of your business.
- The majority of business technology and payments providers are scrambling to provide effective security solutions.
- The PwC Global Economic Crime and Fraud Survey reports that 49% of organizations have been a victim in 2018.
- This is compared to an already significant 31% in 2017.
It should be alarming that business technology veterans are scrambling to find third party security solutions to protect customer data on their devices. Many of the largest financial institutions are severing merchant accounts by the hundreds of thousands if not compliant with current security standards. These actions are being done publicly and without exception. These actions speak louder than any of the statistics mentioned above and truly embody the state of cybersecurity in business today.
In the rush to focus on day to day business, many entrepreneurs mistake security compliance for cyber security. Payment card industry – data security standard (PCI-DSS) was formed by the primary financial institutions in 2004 to create a security minimum. The organization requires specific security expectations from every business to be allowed to conduct transactions between financial institutions. However, there is a significant difference between passing an exam to prove compliance and securing data each and every day.
Security can be broken down into layers.
- The data transferring from the payment card or device (mobile phone, contactless card, etc)
- The hardware that reads the payment data (magnetic swipe reader, EMV chip reader, ecommerce interface, etc)
- The software application storing the transaction data (point of sale system, property management system, online shopping cart, etc)
- The payment network (data transferred from the software application to the payment provider)
- Stored data (transaction data stored on the payment device for future use such as hotel reservations, bar tabs, delivery orders, etc)
Security requires that all data is protected during each of these stages. If you are not confident that each of the steps above is unconditionally protected from theft, your business is at serious risk. To ensure you are confident that your data is protected you should be able to answer the following questions.
- What is required to be PCI-DSS compliant?
- Why is EMV not enough?
- What is point to point encryption?
- What is the difference between hardware encryption and software encryption?
- What is a payments gateway?
- What is tokenization?
- What is the difference between the tokenization technology available and the PCI-DSS minimum?
It is normal today to be worried about the safety of your business and customer’s information. Security is now an issue that must be at the forefront of every business owner’s priorities if they wish to succeed. It is only possible to stop the accelerating number of data breaches by making data security a priority in every business. The first step is ensuring you are educated on the data security needs your business has today.