How to Stay Protected in this New Age of Data Breaches
The rate at which data breaches are hitting and impacting businesses shows no sign of slowing. In fact, according to the Identify Theft Resource Center, the number of breaches so far this year has already surpassed the number of breaches around the same time last year by almost 35%. (Here’s a list of breaches that have already occurred this year.)
Security breaches keep happening because they can. In the payments industry in particular, there have never been more options for consumers to purchase goods and services, whether it’s through an e-commerce website or with a mobile device at a cafe. Omnichannel payments have provided convenience for both sides of the transaction, but they have also become opportunities for criminal hackers, and as a result, vulnerabilities for consumers.
What do hackers do with the information they rob? Engage in fraudulent activity with stolen identities. However, this doesn’t necessarily happen right away. According to a report from Javelin Advisory Services titled "2017 Data Breach Fraud Impact Report: Going Undercover and Recovering Data," three-quarters of total fraud losses for last year arose from individuals who had been victims of a data breach within the previous six years. Not comforting. So, if you made a purchase at a company that then experienced a data breach, you might be paying for it years down the road. As a customer, that’s a pretty scary thought.
Businesses need to do their part. It is absolutely the responsibility of a business to ensure their data and the data of their customers is safe, whether it’s being processed or it’s at rest, being stored in a database. Customers put trust into merchants they give their business to, assuming their information will not be exposed outside of the transaction they’ve engaged in.
But, it happens. It happens to businesses of all kinds: small or giant. Just recently two major brand names were hit hard by breaches: restaurant chain Chipotle and retailer Kmart. This is also the second time that Kmart has been hit with malware affecting its payment systems. Even household names are struggling to protect themselves and their customers. Have data breaches become somewhat inevitable? Yes. However, businesses have the tools available to them to protect themselves against the impact of a data breach.
Proactivity and preparation is everything. All too often, more energy is put into cleaning up the mess, after a breach has occurred, than planning ahead and preparing for a breach. Everyone should have an incident response plan to control the situation during a breach. This will help you control actions and communication, and ultimately lessen the impact of a breach. Let’s not forget that coupled with that plan should also be the development and consistent updating of a comprehensive security program, to prevent the actual impact of a breach.
A risk management program will help you decide where to focus your energy and close your biggest vulnerabilities first. At least once a year, conduct a risk assessment in as large of a scope as you can. Bring in stakeholders from all over the business and openly discuss where each group sees areas for improvement. It’s also helpful to evaluate your business on a security maturity model such as COBIT.
What should you include in your security program? Powerful security solutions. The PCI Security Standards Council recommends payment data solutions like tokenization and point-to-point encryption (P2PE) that can not only help businesses better manage PCI compliance, but also provide strong, modern encryption. Tokenization won’t keep a hacker from breaching a system but it drastically reduces its impact. Tokenization is a process that replaces actual sensitive data, like a credit card number, with a valueless token that’s otherwise useless to a criminal seeking the information. Combined with P2PE, a solution that protects sensitive data with encryption from the moment it is captured through its full lifecycle, businesses can prevent the use of sensitive data for fraudulent activity in the event a system or network is breached.
There’s no way around it. Breaches will happen and if businesses don’t put the right steps into place to protect customer information, the impact can be devastating and lasting. Do the research and ask the questions that will get your business set up for a much less painful impact if and when a breach does occur.
Justin Shipe is VP of information security for CardConnect, a leading provider of payment processing and technology solutions, helping more than 67,000 organizations – from independent coffee shops to iconic global brands – accept billions of dollars in card transactions each year.
Department store giant’s annual anniversary sale goes digital
Nordstrom is putting a modern spin on a 50-year-old tradition.
The Nordstrom Anniversary Sale — an event that launched in the 1960s — is stepping up its digital game this year. To drive customer engagement throughout the two-week event which kicks off on July 21, the department store giant teamed up with Snapchat to create a custom lens that features accessories that will be highlighted during the Anniversary Sale.
To access the lens, customers can scan Snapcodes that are printed on coffee cups, catalogs, ad materials and in-store signage. In addition, Snapchat Geofilters will allow customers to share their location while shopping at any full-line Nordstrom store. Snapchat currently has 166 million daily users.
Nordstrom is also launching a "Scan + Shop" feature that enables cus-tomers to add items from its sale catalog to their Nordstrom app using their camera icon. To streamline the procurement of these and other online purchases, customers can retrieve orders via Nordstrom’s buy online, pickup in-store (BOPIS) service — in addition to curbside order pickup, according to the retailer.
These digital enhancements will augment Nordstrom’s vast breadth of featured merchandise that will range between affordable and luxury price points. Assortments will span categories including clothing, shoes, hand-bags, accessories, home and beauty.
Target CEO: Hispanics are shopping less
An important demographic for many retailers appears to be staying home more these days.
In remarks at Fortune’s Brainstorm Tech Conference in Aspen, Colorado, Target CEO Brian Cornell cited an 11% dip in shopping activity among Hispanic consumers in the past several months. (A Target spokesman said later he was referencing industrywide data from the NPD Group, The Star-Tribune reported.)
“There’s almost a cocooning factor,” Cornell said.
"They are staying at home. They are going out less often, particularly along border towns in the United States. You’re seeing a change in behavior.”
Cornell emphasized that Target is working to connect with these shoppers that are staying in more. And the drop-off in shopping activity has not deterred Target's Hispanic-focused marketing efforts, he added, as well as its listening efforts to better understand their needs.
"If you look at our current media campaign, you’ll see a really important balance between our general population campaign and a very focused effort to continue to build that relationship with the Hispanic consumer," Cornell said.
Cornell highlighted the company's recent efforts to foster innovation by providing seed money — an effort he said made him realize that the company’s innovation efforts are best when aimed at improving customer experience.
“Innovation has to first start with, ‘What is our guest expecting from Target, how does it help out core enterprise and what are some things we can do to build a stronger brand?’” he said. “We’re working on the future and embracing technology, embracing innovation but really funneling it into our core enterprise to meet the needs of our guests each and every week.”
Cornell acknowledged that offering the brands that shoppers are looking for is an integral part of reaching consumers. He cited Target’s work with razor company Harry’s, which began online as a subscription-based service. Target brought Harry’s into 1,800 stores earlier this year and consumer response has been strong.
Looking to the future, Cornell said perfecting a harmony between Target’s physical and digital presence is a priority. And that the physical store will continue to be a large part of its strategy. He cited Whole Foods Market's recent acquisition by Amazon as evidence of the continuing importance of physical retailing.
“I recognize that we’ve got to be thinking about tomorrow, but tomorrow includes physical stores and a great digital connection with a guest,” Cornell said. “And I think the Amazon-Whole Foods announcement just validates that even Amazon recognizes a great physical presence is going to play a role in the future. … In today’s environment, stores still matter, and even for Amazon, I think there's a recognition that a physical store and proximity is important to the consumer.”
It’s Target’s ability to deliver on both of these, as well as its agility, that Cornell sees as positioning it well for the coming years.
“The versatility of our model, the multi-category nature and our ability to fulfill that both from a physical and a digital standpoint makes us very unique in the market," he said.