How NOT to be the next TalkTalk

06 November 2015

It’s not been a great few weeks for data security. First TalkTalk gets hacked, then Marks & Spencer has to shut its website down temporarily as customer details started showing up online.

Given these high-profile breaches, it’s hardly surprising that 93% of respondents to a recent CapGemini study expressed significant doubts regarding the ability of retailers to protect their personal information in the event of a cyberattack.

Now more than ever, data failures cost customer loyalty, and in today’s highly competitive market, at this lucrative time of year, retailers can’t afford to lose revenue.

The route to better data security relies on not just paying lip service to PCI compliance, but on finding a better way to protect sensitive information without compromising the customer experience.

This isn’t just in the online environment, either; the store network is just as vulnerable to payment card fraud, yet 8 in 10 businesses will fail their interim PCI compliance assessment.

For bricks-and-mortar shoppers, the key to a safer experience is better payment security, yet until now, retailers have been given conflicting information from multiple sources about how best to do this. So let’s set the record straight.

Many retailers will have been told that Point-to-Point Encryption (P2PE) is the best route. This isn’t the case. It’s expensive, inflexible, difficult to manage, and shifts compliance responsibility back to the merchant.

Instead, businesses should be embracing a new way to increase data security: Unified Payment Service. In a guide we recently created, Payments Painkillers: how to secure customer payment data in a complex world, we advocate this new route to compliance, which takes responsibility away from the merchant by removing sensitive data from their network entirely.

Unified Payment Service encrypts data on the PIN Entry Device (PED), and uses a managed firewall to isolate the PED network from that of the store. The PED and Point of Sale (PoS) cannot communicate directly, which protects retailer networks from data breaches and reduces the scope of PCI compliance.
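The segmentation described above, as an added illustration that is not the vendor's product configuration: an nftables ruleset on a store firewall that puts the PEDs on their own segment and lets them reach only the payment service, never the PoS or the wider store network. The interface names (ped0, store0, wan0), the payment-service address 203.0.113.10 and the TLS port are assumed placeholders.

```nftables
# Added example: store firewall separating the PED segment from the store/PoS segment.
# Interface names, the payment-service address and port are assumed placeholders.
table inet ped_isolation {
    chain forward {
        type filter hook forward priority 0; policy drop;   # deny by default

        # allow replies to connections the PEDs themselves opened
        ct state established,related accept

        # PEDs may only talk to the payment service, and only over TLS
        iifname "ped0" oifname "wan0" ip daddr 203.0.113.10 tcp dport 443 accept

        # no direct PED <-> PoS/store traffic in either direction; log attempts so
        # a PoS host probing the PED segment is visible to whoever watches the logs
        iifname "ped0"   oifname "store0" log prefix "ped-to-store-blocked " drop
        iifname "store0" oifname "ped0"   log prefix "store-to-ped-blocked " drop
    }
}
```

Because the PoS cannot reach the PED, the transaction handoff (amount in, result out) has to travel via the payment service, which is what keeps cardholder data off the store network and the store network out of PCI scope.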

This particular route to safer transactions doesn’t just remove data from the merchant’s network; it removes many of the excuses that retailers give for failing to upgrade their security solutions: it’s too complex, too expensive, it doesn’t integrate easily, and so forth.

Perhaps it’s time for a change of tack, where more retailers embrace new ways to secure customer information, before the excuses (and the customers) run out.