How Your Business Can Avoid a Merchant/Vendor Data Breach

In October 2015, many of the major vendors in the payment processing world will move to a new system for ensuring secure payment transactions. The new payment systems will be chip-and-PIN or chip-and-signature, depending on the merchant/vendor. Already successful in the earlier European rollout, the new systems should make card information harder to steal and shift some or all of the liability for fraudulent transactions to those vendors that have not become chip-and-PIN compliant. Further, the Payment Card Industry Data Security Standard (PCI DSS) sets out a list of requirements to ensure that merchants process, store, and transmit cardholder data only in encrypted form and in a secure environment.

While these measures will help, they won’t eliminate the possibility of data being exposed at the point of sale. Whatever solutions are offered to secure point-of-sale data, one thing is certain: they may not be enough on their own to address every form of fraud.

Four Steps Merchants Must Take to Protect Themselves:

  1. Secure your perimeter IT network and web-based applications. Your IT network needs constant security updates and vulnerability assessments to ensure that no openings exist for attackers to compromise your sensitive data. Above all else, this perimeter, your first line of defense, should be kept up to date so that no areas of weakness remain.
  2. Monitor your systems at all times for suspicious IT and financial traffic. Attacks unfold quickly, so you need constant 24/7 monitoring that lets your company detect breaches sooner and take immediate action to stop them and mitigate losses. Vendors and merchants should also put formal processes and technologies in place to notify customers of potential data breaches or of threats that could lead to one.
  3. Be prepared for the worst. Prepare your company with data breach response training and crisis management in every jurisdiction where you operate. Develop response processes, periodically run data breach preparation and readiness training with your employees, and practice with them at various times and under different simulated breach scenarios. Depending on your company’s risk tolerance, you may want to retain a security forensics team before any breach occurs. Evaluating and retaining a forensics team in advance lets you understand what it can and can’t do for your company, and lets you assess its skills and expertise before you actually need it.
  4. Purchase data breach insurance. Since this is a new and growing area of coverage, insurance companies can help you determine what level of coverage the business needs and what is financially at risk. Because insurers have established checklists and protocols for data protection, use your insurance company’s checklist and process to confirm that your protection systems meet its underwriting requirements before you purchase the policy.

All told, there is no simple way to prevent data breaches, but with foresight, preparation, and an immediate action plan, you can prevent, minimize, and respond quickly to any privacy breach.