Consumer retail transactions are increasingly cashless, whether using established items like credit and debit cards or newer payment options like the mobile wallet. But with the growth of cashless transactions comes an increased risk of data breaches.
High-profile examples of retail data breaches in 2014 include names like Home Depot, Michaels and Neiman Marcus.
Retail brands wanting to keep customers’ financial data and their brand reputation out of harm’s way must take the right steps in protecting vulnerable information. Adopting a data security strategy based on guidelines from the PCI Data Security Standard (DSS) is only a start in protecting customers from potential breaches.
Below are five steps retailers should take to keep their customers’ financial information safe from potential data breaches:
Know exactly where your business is being conducted
The majority of retail brands have customer data spread out across multiple locations, including corporate offices, retail store locations or the brand’s online portal. This means it’s critical that retailers understand how and where customer data—especially payment information—is being accessed, handled, and most importantly, secured.
Recognize data at rest
Retailers are constantly storing information in multiple locations, usually for the customer’s convenience. However, data stored on portable devices such as laptops or archived on servers is often forgotten and thus becomes a prime target for hackers. Retailers must encrypt all data at rest to prevent a possible breach should a device be lost or stolen.
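As an added illustration (not part of the original article), one way to find forgotten payment data at rest is to scan files for digit runs that pass the Luhn checksum used by payment card numbers, reporting them masked. The function names and sample files below are constructed for this example; 4111111111111111 is a standard test card number.

```python
import os, re, tempfile

# Constructed sample files; 4111111111111111 is a standard test card number.
SAMPLES = {
    "export/orders_2014.csv": "id,card\n1001,4111 1111 1111 1111\n",
    "laptop/notes.txt": "tracking no. 4111111111111112, SKU 1234567890123456\n",
}

# 13 to 19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits):
    # Luhn checksum: double every second digit counted from the right.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(text):
    """Return masked (first 6, last 4) card-like numbers found in text."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def scan_tree(root):
    """Walk root and map relative file path -> masked findings."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, errors="ignore") as fh:
                    hits = find_pans(fh.read())
            except OSError:
                continue  # unreadable file: skip, do not abort the scan
            if hits:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return findings

def demo():
    # Write the constructed samples to a temp directory and scan it.
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return scan_tree(root)
```

Files flagged by a scan like this are candidates for encryption or deletion; the Luhn check only filters out most random digit strings, so hits still need review.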
Track moving data
Retailers need to have a clear understanding of how customer data is moving through their infrastructure. Technologies like sniffers and network traffic monitoring software let them track where customer data has been, where it’s headed and, most importantly, whether or not it was encrypted in transit. They can then adjust security measures in response to a potential threat.
Join forces with a security expert
By partnering with a data security vendor, retailers can leave management of their security infrastructure to the experts and focus on what’s really important — selling merchandise and keeping customers happy. A partner can monitor and implement the most appropriate security measures in response to both current and emerging threats.
Implement an encryption policy
Retailers need an encryption policy that is mandatory yet manageable. Role-based controls are also a critical component; this means only specific individuals have the ability to control or access information. Routine and ongoing audits are also recommended to ensure that a company’s data security and encryption policies are constantly being enforced.
It’s unfortunate that data breaches continue to compromise the personal information of millions of consumers, and recent incidents have only heightened awareness among retailers. IT decision makers and executives recognize the need for enhanced security policies and strategies, and must continue to craft innovative solutions to better protect customer data. The five steps noted above are an important aspect of that continued evolution.
Garry McCracken is vice president of technology partnerships at WinMagic