Wednesday, September 17, 2014

Safety first. In this age of security breaches and computer hacks, we’re wise to take steps to protect our personal data and that of our customers.

Have you ever Googled yourself? I have; and I’ve also run other test searches about myself. The amount of personal information, or data, that’s out there floating around in cyberspace is mind-boggling. And I know enough to know that the data I see, and have access to, is only a fraction of what exists. 

Data is a valuable commodity. In business, we use data to make smart decisions about marketing, ultimately putting it work to better position our brand, redirect our advertising dollars, drive sales, and so on. 

In the black market world, hackers bypass most of the data that we use for marketing and reach straight for personal financial data. We’ve all heard about the big ones—major retail hacks and healthcare system leaks—but what about the smaller breaches that don’t make the daily news? Even if it’s silent, the threat is there. Just as we take steps to protect our own personal information, it’s our obligation to do the same for our customers by having systems in place to protect data.

At Shamrock, we’re aligned with a host of resources that manage payment processing, data control and security services. Based on each customer’s specific industry requirements or business applications, we match the appropriate providers who then customize solutions that work to secure their data and operating systems. What we’ve learned about securing data, regardless of market or industry, is that the best offense is a good defense.

In light of recent threats, we’ve talked with these vendors about proactive steps we can take to shore up the data security effort on all fronts; following is checklist that one of our partners provided that’s well worth sharing. It highlights five key security items:

1.    PCI Training. Company policy should mandate PCI training for employees to ensure that proper procedures are followed when dealing with electronic payments.
2.    Advanced DUKPT (Derived Unique Key Per Transaction) card cloaking. DUKPT methodology eliminates the risk for card cloning.
3.    Encrypted Key Pads. Encrypted key pads enhance security of manual card entry.
4.    Implement EMV at POS. As of October 15, 2015, every merchant must have 95% implementation of EMV devices to avoid liability for fraud, penalties and fees.
5.    Maintain Certification. Ensure networks and equipment are maintained with quarterly scans and updates.

If you’d like to read more about a defensive security strategy, the link below takes you to a whitepaper that provides a closer look at a layered solution to data security.

Responding to New Threats in Card Security