MAG Insights

Announcements from the MAG & Featured Articles

MAG Sponsor Spotlight: Protecting Your Most Valuable Currency - Data (MAG Quarterly- Volume Seven, Issue One)

KSullivan pic
By Kim Sullivan, Vice President & General Manager, NCR Payments

March 7, 2019

With fraud losses in the U.S. reaching a staggering $24.B in recent years, merchants undoubtedly understand the importance of prioritizing and maintaining laser-sharp focus on cybersecurity to avoid becoming another data breach statistic. News stories are plentiful with examples of businesses across almost every industry experiencing security breaches, which affirms the unfortunate reality that no business is too big or too small to become the target of a cyberattack.

Your data and your customers’ data are a highly valuable currency – not just to you, but to cybercriminals who want to monetize it. The increased adoption of EMV cards is creating a shift in criminal behavior to perpetrate New Account Fraud (NAF), which entails exploiting stolen Personally Identifiable Information (PII) – name, birth date, social security number, etc. and selling it to illegal markets. This is becoming a more lucrative alternative for cybercriminals than duplicating traditional mag stripe credit cards. In the previous year, there was a 40% spike in fraudulent card-not-present transactions that involved criminals committing NAF with stolen PII and making fraudulent online purchases.

As a merchant, you most certainly understand the importance of protecting payment card data. If you are using a PCI validated payment solution to process credit cards, you can feel comfortable knowing that the data travels securely across the payment ecosystem. If you are not certain if the payments solution you are using is PCI certified, visit the PCI website to confirm.

Cybercriminals know how difficult it is to breach payment systems, so instead they want to gain access to data because oftentimes it is not as securely protected.  Your systems are rich with all types of sensitive data – employee PII, customer information that you may capture for loyalty programs or marketing purposes, company inventory, financial records, and the list goes on. Cybercriminals are motivated to breach networks to steal this valuable data and it’s your responsibility to keep them out. To help uncover the potential for your business being breached, consider these questions:

  • Do you regularly update your systems with security patches to ensure you have the most up-to-data protection?
  • Are your employees trained to actively protect devices from being compromised by not opening spam emails or clicking on links and attachments in emails from unfamiliar sources? Both of these examples can expose your business to malware being introduced into your network.
  • Can you afford to lose customers, suffer brand damage, or pay costly fines if your business experiences a breach? Unfortunately, 60% of small businesses go out of business within 6 months of experiencing a breach.

The good news is there are effective preventive measures you can implement in your environment immediately to help ensure the computers and devices in your network remain secure.

  • Assess your organization’s overall risk of sensitive data being compromised. 
  • Make sure you know all the types of data that exist on your systems and ensure there are controls for who can access the data 
  • Evaluate and understand the impact to your organization if sensitive data becomes compromised. 
  • Ensure you are prepared with strategies for not only preventing a breach, but that you have a response plan ready in the event a breach occurs. You don’t want to figure out in real time should a breach occur. 
  • Determine if vendors have remote access into your environment and then take immediate actions to administer the appropriate restrictions 
    Implement a commercial grade firewall that manages and restricts inbound and outbound traffic. 
  • Focus on securing all endpoints in your network. Cybercriminals use specific tools such as key-loggers and memory scrapers for collecting sensitive data from endpoints. 
  • Ensure you have an effective process for keeping systems up-to-date with security patches for all software on your system. Oftentimes, cybercriminals will exploit known vulnerabilities within software to carry out malicious attacks