The hacking of customer credit card information seems almost a fact of life for modern businesses. A recent USA Today article listed some of the most high-profile examples. First there was Target in 2013. Home Depot followed. Neiman Marcus, Wendy’s, Chipotle, Arby’s, and Kmart were next. All the while, the customers of countless smaller businesses were also targeted. Why haven’t businesses taken more steps to dispel the specter of credit card data theft?
“It’s expensive and complicated to get systems to up [to] the point they’re really hardened against these kinds of attacks,” threat intelligence manager John Miller told USA Today. Although it can be costly to take preventative measures, averting a credit card data breach is well worth the price. According to a 2016 study commissioned by IBM, each stolen record costs a retailer $172. With many credit card data hacks targeting thousands, or even millions, of customers, the financial impact of a successful attack can be devastating.
Chip Cards More Secure
Many attacks on point-of-sale systems (in other words, the modern cash register systems where customer credit cards are swiped) involve the criminal insertion of malicious software. As credit and debit cards are swiped through the point-of-sale system, the software records data and later sends it back to the software coders, who then sell it on the dark corners of the internet.
Perhaps the most powerful step retailers can take to prevent point-of-sale attacks is installing chip card readers to replace magnetic strip card readers. This costs money, but it is a worthy investment. Unlike magnetic strip readers, when a payment installation reads a chip card, the card’s three or four-digit security code is specially encoded, and it changes each time the card is used. If a thief steals the credit card data from a chip card reader, it does not come with the card’s security code, meaning the data is far less valuable to the thief. Credit card data without a security code might be of little or no use in creating a fake card or making purchases online.
Still, while chip card readers are a powerful tool against cyber crime, USA Today reports that only about 44 percent of retail storefronts are currently using them.
Take Action Now
Beyond moving to chip card readers, there are other steps to prevent credit card data theft, such as maintaining PCI DSS compliance. Part of PCI DSS compliance includes keeping up to date with the latest software security patches. The important thing is to take action, and to do it soon. Once a data breach has occurred, there is no unringing that bell. Data theft will mean dealing with the costs of upgrades to prevent another breach, addressing the public relations fallout, and compensating customers who have had their data compromised. If you bear responsibility for credit card data security, get in touch with a consultant who can advise on ways to protect your company and your customers.