Security Breach Response Strategy

Concerned about Card Data Security?
Check the headlines. You don’t have to go far to understand that the frequency and scale of data security attacks are worsening.
What if a data breach happened to your business today? Do you have a plan to respond? Despite your best efforts, a security breach of customer account data could have a devastating effect on your business, your brand, and your bottom line. Hackers continue to find ways around new security technologies and into the most vital data of companies, both big and small. In fact, hackers focus more on smaller merchants because of their perceived vulnerability. A study of nearly 300 cases of card compromise shows that 85 percent of security breaches (1) occurred at merchant locations with fewer than one million transactions per year.
Protect Your Business, Brand, and Bottom Line
Small businesses are contributing more than ever to the nation’s economy. But smaller, resource-strapped companies don’t have the human or financial resources to defend against data breaches in the same way larger corporations can.
So what do you do? Consider partnering with an experienced resource that is well versed in data security: one that knows electronic payment processes and technologies, and that has experience dealing with and developing industry standards for online commerce and data security. But don’t just leave it up to a business partner to do all the work. There are steps you can take as a business owner to make your customers’ data and your business more secure.

Validate Your Compliance with the PCI DSS
Understand how your business must adhere to the Payment Card Industry Data Security Standard (PCI DSS). While complete security can never be guaranteed, full compliance with the PCI DSS, and validation of your compliance, is commonly viewed as the best way to protect against unauthorized intrusion into your systems.

Consider Additional Layers of Security
Staying ahead of threats is the best way to protect your business from data security breaches. Be sure to evaluate enhanced security solutions like encryption and tokenization to help protect your business from threats that are known, and from those that may be just around the corner.

Stay Educated
Because security threats continue to change and evolve, you need to stay up to date on the latest in card data security. Work with your processor to take advantage of ongoing education on security topics and trends.

(1) Trustwave, 2008
Proprietary and Confidential | 2
Plan Now
We’d all like to think a data security breach will never happen to us. But if you accept electronic payments, you’re even more susceptible to threats. Having a solid plan in place is essential in reducing the impact of a data breach. Here’s a three-part strategy that could work for your business.
Notification
Think your system may have been breached or compromised? Start communicating now. According to card association rules, merchants who have suffered a confirmed or suspected breach of cardholder data must immediately notify their card processor or acquiring bank. The sooner you get help, the more quickly you can take steps to rectify the situation. Experienced partners know what to do during these critical times; this is where their expertise is vital. Your card processor or bank will help you understand the requirements around investigation procedures and the important timelines that must be met.
Investigation
Act fast. Quickly limit and contain the exposure of a suspected or confirmed breach. A forensic investigation of your systems will take place; this is required to prevent further loss of data and to understand what led to the compromise. Your card processor or bank can provide you with card association-approved forensic firms that can perform audits. Also ask for assistance with disclosing at-risk accounts to the appropriate parties, and with providing anonymous disclosure of compromised accounts to the card issuers. Sharing this important information can help investigators trace the source of the security breach.
Resolution
When data is compromised, it leaves you with a very vulnerable feeling. This is your data: data you use to run your business, manage inventory, and build customer loyalty. And it’s your customers’ data, data they implicitly trust you to protect when they make purchases through your business. Now it’s time to identify cracks in the system. Find out how hackers accessed your data and develop strategies and tactics to shut them down. This begins by validating your full compliance with the PCI DSS and quickly sending that compliance documentation to the card associations. While the card associations govern the determination and assessment of fines, your card processor or bank can help you advocate for a reduction or elimination of fines if such an argument exists under the rules.