By Nodus 12 February 2020
A data breach can not only harm a company financially, but also tarnish their reputation by compromising their clients’ trust. Companies need to proactively explore and implement measures to protect against payment security risks and reduce the impact that a data breach can have on their businesses.
Here are three reasons companies need to take a greater stance to protect their business against data breaches.
1. The financial impact of breaches is growing
Malicious attacks on customer data have grown in complexity and sophistication, making even large companies with advanced security measures vulnerable to cyber-attacks. According to the 2019 Cost of a Data Breach Report, the average cost of a data breach is $3.92 million. Companies can be fined for the compromised data, and then have to pay additional costs to remediate the impact.
2. Compromised data weakens customer loyalty
Aside from the immediate expense of a data breach, companies can also suffer from a declining customer base. A data breach can weaken the trust that a recurring customer has with your business, and losing recurring customers can have a huge effect. In 2019, customer turnover due to data breaches was an alarming 3.9%. Recurring customers tend to buy more from your company and are more likely to recommend your services to others. It’s also easier to keep a loyal customer coming back than it is to establish a relationship with a brand new customer, which can save time and money while increasing profits.
3. Data breaches affect brand reputation
In addition to losing current customers, data breaches can inhibit a company from obtaining new customers. Customers who don’t have current experience with your company may rely on online reviews, related news, and word of mouth to decide whether or not to work with you. Poor brand reputation will encourage them to look elsewhere.
One way to prevent costly data breaches and reduce the number of entry points and storage hubs for payment data is to implement tokenization. The use of tokenization reduces the scope of Payment Card Industry Data Security Standards (PCI-DSS) compliance by removing sensitive payment data from a merchant’s local environment. However, to ensure a seamless payment acceptance process, the chosen tokenization approach should be compatible with any application that the merchant plans to process and record payment data from, including their ERP or accounting system.
Additionally, companies can employ Point-to-Point Encryption (P2PE) to secure the credit card information at the time that it is entered into the system. Tokenization helps protect the data once it is stored within the payment application, but P2PE helps protect the card data “in flight” as it passes between systems to help prevent it from being compromised. For example, hackers can steal the data between the data being entered using a keyboard and the data being sent to the payment application. P2PE devices encrypt the card data before it is sent to the payment application. Once it reaches the payment application, the data will be securely decrypted and passed to the processor to authorize the transaction.
Recent data breaches have put both large and small companies on high alert. However, with the right security measures in place, companies can protect both themselves and their clients as technology develops and transforms payment practices for years to come.