With information technology advancing at great speed, threats to data are also increasing, posing high security risks for entities such as financial institutions, healthcare providers and wealth managers. Today, the world is highly connected and businesses must take effective measures to protect important information. A database is the backbone of an organization. Retail businesses should be aware of the risks customer data faces and the importance of customer data security. Data security is a major concern when outsourcing data entry. But outsourcing to a reliable data entry company ensures confidentiality of data and minimizes cyber security risks.
Studies and other reports prove that hackers use methods like skimmers and malware to steal credit card numbers and other identification for their criminal activities. Therefore, business owners should take serious steps and invest in good data security systems for protecting customer data. Consumers now understand the importance of data and are becoming highly security savvy to protect their personal information from cyber criminals. Retailers need to step up their security systems because they are less secure than organizations in other sectors.
According to IBM Security’s “Future of Identity Study,” only 19 percent of US consumers, 23 percent of consumers in the European Union and 28 percent of consumers in Asia Pacific would trust a retail organization to protect their biometric data. At the same time, a large section of respondents (42 percent, 44 percent and 57 percent in the US, EU and APAC respectively) said that they would trust financial institutions to properly store the data.
The Future of Identity study found that of the respondents who said they had heard about a data breach, millennials were more likely than other generations to delete an account held by a breached service provider. 25 percent of millennials, as opposed to 21 percent of the general population, said that they would stop using an app or service that had been compromised. This suggests that younger buyers are more concerned about data security and more willing to take their business elsewhere if security needs are not met.
Let us look at some ways in which retailers can increase data security.
- Do not reuse passwords
Louise Byrne, an IBM Security Marketer, was unable to log in to a music streaming service for which she paid a monthly fee. On checking why she couldn’t access her account, she found a message in her email inbox from the provider, thanking her for changing her email address and password. Only then did she realize that her account had been compromised. However, the provider had not yet faced any known data breach. She found that the breach occurred because she had unwisely used the same email address and password combination for various sites, which could have been leaked. A quick online search revealed that her email ID and password had been exposed in at least four breaches. Though she was able to retrieve the account within a couple of hours, this experience was a warning.
The Future of Identity Study showed that 41 percent of millennials use the same password to access many accounts. A compromised password could give cyber criminals access to multiple accounts. So, consumers should be careful not to reuse their passwords across diverse websites.
- Security measures such as those of banks could be effective for retailers
According to the ITRC, of the 1093 data breaches reported last year, the financial services industry suffered only 4.8% of them, which is the lowest of any sector. The financial sector is known for investing more heavily in reliable security measures and compared to other industries, they have to follow a larger number of industry standards and government regulations. This is another reason why their data security measures are more effective.
The Gramm-Leach-Bliley Act of 1999 established government oversight of the security measures of banks. It also introduced regulations to ensure that banks protect their customers. However, retailers and other businesses are not required to stay compliant with those federal regulations. They are governed by some state data security laws. Though retailers process and store customer information, they don’t follow federal standards, which puts customer data at considerable risk.
- Data encryption
Data encryption is an effective security measure, which uses an encryption key and an algorithm to create a ciphertext. This ciphertext is stored in the database and remains safe from outside attackers. It is important that every in-store transaction is encrypted within the payment terminal before it is transported over a secured connection. Regular auditing of in-store payment terminals is required to ensure that modified credit card readers have not been installed over the genuine terminal.
With tokenization, either payment tokens are used or information is exchanged after removing all references to the original payment information. In other words, customer data is handed over to a third-party system that returns a new and totally different set of numbers. Retailers who want to gain access to the data customers originally provided must verify their identity.
Data encryption and tokenization work best together and are great data security solutions.
- SSL or Secure Sockets Layer
SSL helps to validate the identity of a website or server. It is a prominent security protocol on the internet. With SSL, retailers can reduce the likelihood of a hacker intercepting the data mid-stream.
Most retailers are investing in security training and awareness programs for employees. It is the retailers’ responsibility to ensure that their customer data and payment information are safe. Customers should ideally be kept informed about the business’s security standards and protections implemented. Call center personnel and partners should be able to answer the questions and doubts of consumers.
Retailers should aim to provide a personalized customer experience and protect customer data from cyber criminals. Data breaches continue to make big news and one of the latest trends is an increase in ransom malware that targets organizations like hospitals, police stations and universities. Every organization should constantly focus on preventing, detecting and having the right capabilities in place to respond to data security incidents. Special care must be taken when outsourcing data entry to a third party provider, as well as when using other external solutions.