W
hen it comes to money today it seems it’s all change. Contactless
grows in popularity every day, mobile payments are gaining wider traction and before long we’re likely to be paying with our fingerprints. In fact, when it comes to money, it’s everything but change.
The modern pace of life means that convenience is king. We want to be able to do everything quicker, easier and with less fuss. That’s why 2015 was the first year where cash accounted for less than half of all transactions and people have turned to the ‘Tap and Go’ approach to payment of contactless. It’s also why biometrics (Minority Report-style iris payments) is where the payment industry sees itself heading. The current way of doing things is to take the path of least resistance and retailers need to accommodate that.
For the consumer, a cashless society (or as close as we could possibly get) is more convenient and more consumer-centric.
For the merchant though? Quite the opposite: more methods of payment, more data to manage and more risk. Accepting the wide range of alternative, non-cash payments will help you win customers but only if you can do so securely.
Playing the data game
The value of data is well established and well understood; it has become a commodity in its own right. Whether it’s contactless, mobile or biometric – all these cashless forms of payment are based on customer payment data. Accepting these forms of payment helps inform marketing and business strategies. Retailers are able to better understand their customers, provide better experiences and ultimately sell more. As with anything that is highly sought after, it needs to be secured. According to research from Censuswide focusing on retailers in 2015, 22% of UK retailers have faced hacking attempts.
Collecting the reams of data that will be available in a cashless society will become a double-edged sword for retailers. That data could provide the competitive edge that a business needs in a hyper-competitive marketplace. Get it wrong though and it could be catastrophic.
Security – it’s a state of mind
When it comes to our money, we want it to be safe. When that money isn’t cash, it becomes harder to keep safe. With digital payments becoming standard, merchants
© CI TY S ECURI TY MAGAZ INE – AUTUMN 2016
cashless society
Securing a
have to understand a big strong safe won’t be enough to protect them or their customers.
Consumers understand the importance of security. If they don’t feel safe, they don’t spend. It’s the merchant’s job to make sure that they are able to provide peace of mind. A data breach is a double threat for any retailer. The immediate impact will come in the shape of penalties, fines and reparations to customers whose data has been compromised. This alone would be punishing enough for a retailer, but the follow up is far worse. A data breach is a hard thing to shake off in terms of reputation – once consumers have lost their trust in your business, you’re fighting a losing battle. It’s much easier to lose customers than win them back. As cash gets replaced, the stakes for security will only get higher. Anyone processing payment will have to work hard to win and keep the trust of their customers.
Know your enemy
Understanding the risk is the first step to protecting yourself against the heightened risks of non-cash forms of payment. Understanding the difference between securing your business today and tomorrow compared with yesterday will help protect your business and your customers. Be vigilant, aware and ready to react, and both your business and your customers will reap the benefits of going cashless.
So what can you do to protect your business?
1. Know your data
If it’s feasible, you could remove sensitive data from your business altogether and replace it with a valueless token through an accredited tokenisation service.
2. Only use trusted third parties
When outsourcing any part of your e-commerce infrastructure, make sure you carry out due diligence so you know your partner is fully secure from a Point to Point Encryption (P2PE) and Payment Card Industry Data Security Standard (PCI DSS) perspective.
www. c i t y s e cur i t yma g a z i n e . c om 3. Keep your security systems updated
Make sure your malware scanners are up to date and set up to scan your website infrastructure. Monitor the results frequently to have more chance of spotting anything suspicious.
4. Plan in advance for a breach
Have an incident response plan in place and regularly test it. This is crucial if you want to respond to a detected data breach quickly and effectively. Very often businesses are not sure what to do, who to tell or what evidence they need. This causes vital evidence to get lost and means the criminals may never be caught.
So what should you do now?
Securing customer data might seem like a daunting task but it shouldn’t be. Take the time to understand the risks and then take steps to mitigate them. It isn’t a battle to fight alone; make the most of outside help where you need it. Remember, your expertise is in selling, not securing data. Consumers want convenience and a cashless society will bring that.
Don’t forget, though, that simplicity doesn’t trump security; get that right and we’ll all be winners.
Nick Stacey The Logic Group
www.the-logic-group.com
> 35
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40
