Small Merchants Beware: Learn Why You Could Be at an Increased Risk of Data Theft
When it comes to data breaches, small retailers get hit hardest
In March of 2018, athletic wear brand Under Armour revealed that an unprecedented data breach had compromised the confidential data of over 150 million users of their MyFitnessPal health tracking app. Though the stolen passwords were encrypted, MyFitnessPal users’ email addresses and usernames were exposed, and Under Armour’s shares dropped nearly four percent in the aftermath.
Rapidly Advancing Tech Means More Frequent Breaches
As hackers become more and more sophisticated, large-scale customer data breaches are only becoming more common: Equifax, Facebook, Timehop, and Ticketmaster are just a few of the massive companies to come under attack in recent years. While data theft from well-known corporations make for shocking headlines, such massive hacks actually account for a mere 20 percent of all data breaches. In fact, according to data from the PCI Security Standards Council, the vast majority of hacker attacks prey upon the US’s 5 million small and medium-sized merchants.
In the aftermath of a data breach, a retailer must do damage control to protect their customers, salvage their reputation as a company, notify consumers whose data was affected, reimburse cardholders for their losses, and even face penalties imposed by credit companies, all of which can add up to significant financial costs. While a $500,000 hack might only mean a slight setback for big box retailers, the same amount can easily destroy a smaller business. And unlike large corporations, small and medium retailers, while aware of the risks to their business, often lack the time, resources, or technology to implement preventative security measures. Even small and medium retailers who take basic precautions against customer data theft often remain vulnerable to attacks from today’s highly skilled, sophisticated hackers. Meanwhile, the increasing frequency of data theft has made consumers less forgiving of merchants who compromise their private information.
Tokenization Disguises Data
Smart retailers both large and small must take data security seriously. Though modern hackers are getting better by the day, so too are data security measures, which are now easier than ever to implement. One such security measure, tokenization, is a simplistic system which essentially removes the need to store credit card numbers and personal data within the point-of-sale system itself. Tokenization creates a random string of numbers and letters, the token, during each credit card transaction.
This token is then used as a stand-in for the cardholder’s information, and since the customer’s information is not stored within the retailer’s POS system, the credit card information cannot be compromised during a data breach.
Minimizing Accessible Information with Point-To-Point Encryption
Point-to-point encryption also greatly improves POS software security. Rather than hiding the customer data through tokenization, point-to-point encryption, or P2PE, secures the card data as it is entered into the POS device. Through this method, customer data and cardholder information is never present within the memory of the merchant’s POS system, so information stays out of reach of stealth spyware and hackers will be unable to recover customer data during a system breach. Tokenization and P2PE security measures both comply with PCI-DSS requirements, and used in conjunction are an efficient and secure tool for small and medium merchants.
Though retailers bear the responsibility for protecting their patrons’ confidential information, their POS software provider can be a crucial ally as they seek to implement new security technologies such as tokenization and P2PE. A reliable and merchant-focused POS provider is an additional layer of protection, as they ensure that the retailer has the most up-to-date and in-budget solution for their company. In addition, to add an additional security measure, merchants should look to choose a POS provider who exclusively deals with PCI-compliant credit processing companies.