The payments industry is evolving at an incredible rate of speed. Social media and online accessibility have revolutionized the way consumers and businesses interact. In our connected culture, it’s crucial to understand the ever-changing data security challenges merchants face. Adhering to protocols such as EMV and PCI are a start, but compliance alone is not enough to keep your merchants secure. You need to understand your merchants’ vulnerabilities, so that you can develop effective strategies to maintain data integrity.
Challenges for the Mobile Market
Consumers expect the convenience of electronic payments in nearly every part of daily life. Manufacturers have responded with innovative mobile payment technologies, from simple encrypted card swipe readers to NFC-enabled devices. Now merchants of all sizes and settings can offer card payments. In 2015, mobile payments topped 8.7 billion dollars in the US alone, and that number is expected to triple in 2016.
Mobile payments are convenient for both consumers and merchants. Smartphone and tablet-based payments are designed to be especially easy to setup and use. However, this user-friendly approach can lead to potential risks for merchants. Because electronic transactions are part of everyday life, it’s easy to become complacent about data security. Without proper training, mobile merchants, just like the general population, may approach security too casually.
Prevent Malware Infections
Some merchants use their smartphone or tablet for both personal and professional needs. It’s a priority to make these merchants aware of how to protect their devices from malicious apps or other sources of malware. The most useful steps for security are also the most obvious: make sure to download operating system updates, download secure apps, never open unknown email attachments, and transmit data only over secure networks. These steps may seem like common sense, but it’s vitally important to reinforce them.
Avoid Hacker Attacks
Nearly every week, we hear about large-scale hacker attacks. Home Depot, Target, and Wendy’s have been hit. And just last week, HEI Hotel group, parent of Hyatt, Marriott and several more upscale brands, uncovered malware lurking in its POS terminals for over a year.
With EMV and PCI compliance standards, it seems like consumer data ought to be nearly impenetrable. So why, then, do we hear about so many breaches? Manufacturers aren’t asleep at the wheel, and neither are industry security watchdogs. Security protocols are continually being improved and implemented, and yet the problem remains.
The weak link is often human error. Hackers are good at figuring out new ways to steal data. And they’ve learned that social engineering attacks are easy, effective, and hard to detect. With social engineering attacks, hackers don’t have to work on defeating encryption; they simply bypass the controls. By convincing an employee to download an official-seeming file, hackers can install malware to access a wealth of customer data. And it can take weeks or months for businesses to find the leak.
Keep Your Merchants Secure
The good news is that there is actually quite a bit you can do to protect your merchants. With right practices, you can maintain a secure processing environment at the point of sale. Of course, the first step is to follow the strictest security protocols in software and equipment provided to merchants. But the second half of the equation is merchant training.
Because human error is the cause of many payment security breaches, it’s crucial to educate your merchants. There is no substitute for thorough training, followed by ongoing support and training. Merchant boarding is the ideal opportunity to begin this process.
How CDE Can Help
CDE Services provides comprehensive merchant boarding, tailored to the needs of your particular merchant base. We believe that if you educate your merchants well from the start, and continue to provide ongoing support, you can prevent many opportunities for security breaches. We realize the importance of education during initial merchant training, and we combine that training with ongoing call center support. In our next article, we’ll talk more about how CDE’s unique boarding and training process can benefit your merchant base.
Our connected culture brings new risks to the payments industry, but also amazing potential. There’s no need to limit your business or your merchants by avoiding innovation. With a combined program of security compliance and merchant training, your merchants will continue to thrive in our ever-changing payments industry.