Are you ready for the bad guys?


Upload: greg-dow

Post on 16-Jul-2015


Are you ready for the bad guys?

Gerry Metzger

We here at Crimson spend a considerable amount of time tracking the technology and developments of the payment industry. Last year has been called the Year of the Breaches, due to the quantity and size of these occurrences. Beyond the general interest, we try to find out specifically what happened in each case, so that we can advise our clients and customers how to avoid these same pitfalls. This exercise has led us to some interesting conclusions.

1. The number and magnitude of the breaches are climbing. Target had 110 million customer records stolen and Home Depot had over 56 million credit and debit cards compromised. Now 43% of the top 500 retailers admit to a data breach within the last 2 years, and 60% of these had more than 1 breach in that time period.

2. All breaches are caused by some vulnerability in the company’s data access. Most breaches occur due to a weakness that had previously been identified, but not rectified. Even Target had introduced a chip and PIN program 10 years ago but after 3 years saw little value in this initiative and stopped the rollout. This mandate is now back on with full support and far more cost.

3. For the first time, we saw high executive turnover directly related to a breach. Organizations now realize that they need to understand what’s in their data environment in order to protect it. PCI compliance alone doesn’t do it. Target was certified PCI compliant.

4. Letting a breach happen is one thing, but dealing with it correctly is quite a different matter. Consumers demand a clear and decisive response. Most organizations have a plan in place, but if it has not been implemented and tested it is almost worse than no plan at all.

5. Customers are now more reluctant to give up personal information, particularly if their data has been violated in a breach. The consumer must feel comfortable sharing information with the merchant. This demands the highest level of integrity for the brand. Open and honest communication is the key during any recovery process.

6. When customers shun companies that have experienced a cyberattack, the cost of the breach can be devastating. According to the Ponemon Institute, the average cost of each lost or stolen record containing sensitive information is $201. They attribute 38% of this cost to lost customer business and 16% to legal expenses to defend against lawsuits and provide answers to various regulators.

7. About one third of companies have purchased cyber insurance. These are usually companies with good IT security practices. Your likelihood of experiencing a material data breach over the next 2 years is 23% if you are a public organization or a retailer.

At Crimson we are focused on the security of sensitive payment transactions. We have moved beyond PCI compliance and are actively installing EMV-ready solutions with our customers. This chip and PIN technology will not prevent a breach but will reduce fraudulent transactions. This is a key requirement for all merchants as the responsibility shift of October looms. Our leading clients are installing P2PE solutions for security in their payment processing systems. Even if encrypted data is stolen, it is useless to anyone not authorized. We have become good at payment transaction security over the last few years. At Crimson we have a solution for every size and budget. This year we will continue to work with our customers and partners to stay 3 steps ahead of the bad guys.
