Data Security: Part 1

by Michael Lichtenberger

Today’s High-Risk Reality

There is good reason to be invested in the security of credit card data and personal information. Whether inside the storefront or online, data breaches at major retailers, financial centers, and health care establishments are notable and increasingly commonplace. To avoid the potential fraud liability, some merchants have upgraded their point-of-sale networks to chip & pin and chip & sign, and banks have issued credit and check cards with the latest embedded smart chip. Retail adoption of EMV compliance is slow, arguably due to the cost and a lengthy “certification” process for equipment. To avoid the shift in fraud liability, merchants must upgrade to EMV technology. The move to a more secure transaction environment does not, however, reduce the exposure to fraud for online and card-not-present sales. And despite these efforts, there is still a level of complacency among small businesses and consumers alike.

Data breaches continue to increase in frequency, and cyber hackers are targeting not just the big box retailers, but now small businesses and even health care providers. Identity theft and medical fraud by identity theft have arguably become an epidemic. Among owners and executives, there is a growing trend of recognizing cyber security as a strategic risk to their business. Technology companies and manufacturers fear that proprietary processes, product specifications, and even client histories could be lost. Others, such as retailers, banks, financial institutions and health care providers, dread the release of identifiable information about their customers and patients.

According to the Identity Theft Resource Center [ 11/29/2016], there were nearly 1,000 data breaches reported in 2016.  Over 34 million individual records were potentially compromised.

Segment                        # of Breaches    # of Records
Bank/Financial Institutions               42          71,912
Business                                 409       5,529,046
Education                                 79       1,033,863
Medical/Health Care                      337      14,653,156

The losses from cyber-attacks are expected to quadruple by 2019. Insured losses and uninsured costs to US businesses were a staggering $100 billion according to a 2013 report by the Wall Street Journal [WSJ Online 7/22/2016 Sioban Gorin]. The British insurance company Lloyd’s estimated losses in 2015 at $400 billion. Steve Morgan, a cyber security commentator and contributor to Forbes, believes losses will reach $2 trillion by 2019 [ 1/17/2016].

Is Data a Cause for Concern or Cause for Alarm?

Merchants have not totally embraced compliance with Payment Card Industry Data Security Standards [PCI DSS]. These are a minimum set of requirements and widely accepted policies and procedures, intended to optimize the security of credit and payment cards and protect cardholders against misuse or abuse of their personal information. PCI DSS is commonly discussed but seldom understood. Businesses have an incentive to comply: non-compliance brings an increased risk of a data breach, higher processing charges, and penalties.

Retailers all seem to be collecting data on consumer buying habits.  Company loyalty programs track and record our purchases to predict what, when and how much we may buy – and stock their shelves accordingly.

Of course, this leads to BIG DATA and sales analytics for the company. That data is accessible internally, and without safeguards it is open to inappropriate access. Moreover, multi-store data collection is often done in real time, so encryption and external vulnerability must be assessed.

Customer Relationship Management [CRM] and Enterprise Resource Planning [ERP] software come in all sizes and applications. Complex software and simple smartphone apps are standard tools that can be accessed through website portals and virtual private networks. Information is often obtained and transferred by remote access or using personal devices [tablets, smartphones]. Customer, vendor and third-party accessibility could lead to unprotected downloads of your sensitive information.

Cybercrime will no doubt continue to rise in frequency, cost and disruption. Cyber criminals have become so technologically advanced that it’s hard for law enforcement to follow any electronic footprint and cyber trail. Traditional methods may be inadequate and time-consuming. Businesses are reluctant to report cybercrimes despite the law that requires disclosure when personal information is breached. And, of course, most companies will fear the negative publicity and loss of consumer goodwill. In many cases, unauthorized computer access may go undetected by the business whose data network has been compromised. Moreover, because the internet operates internationally, legal issues and legislation have challenged the development of public policy.
