Pete Bettles, Chief Operating Office at Global Payments
The sheer amount of data created and held by businesses is staggering. We create 2.5 quintillion bytes of data in one single day alone. It’s not hard to fathom considering every email and website interaction, or payment transaction, is recorded – and when we’re streaming 69,444 hours of Netflix and making 154,200 Skype phone calls a day, it becomes even more understandable. This trend will only continue to increase as more of our important interactions occur online – even offline touchpoints are now recorded digitally too.
When we think about payments data specifically, payments systems processed more than 22 billion transactions in the UK alone in 2017. Whether that was to settle a bill, pay a salary or receive a refund, this amounts to the grand total of around £75 trillion. Those mind-boggling figures give us another indication of the amount of data that results from these types of transactions.
For businesses, this presents a growing concern. Out of all of the data that businesses hold, payments data is one of the most sensitive and valuable. Therefore, it has become a prime target for fraudsters and scammers. You only have to look back at some of the notable data breaches we’ve seen in recent years to prove the point.
It’s therefore incredibly important that organisations have in place the highest levels of security to protect their business from fraudsters as this threat continues to grow, and more and more of our important transactions take place online.
While there are some simple IT fixes that can be implemented like patching – the process of upgrading computer programmes to fix known security vulnerabilities and other bugs – or using strong passwords, there’s still more that your company can do.
But businesses need not fear as there are various initiatives to keep your payments data safe.
Reducing PCI Scope
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that all companies have to comply with. The aim is to ensure every company that accepts, processes, holds or transmits card data does so in a safe and secure manner. It has 12 specific requirements that fall into six different categories, ranging from the type of firewall configuration your organisation incorporates, updating anti-virus software systems to restricting physical access to cardholder data.
However, even though there have been a number of high profile payments data breaches, PCI DSS compliance has fallen among businesses, despite its proven security benefits in protecting payment systems from attacks. In 2017, only 52.4% of organisations maintained full compliance compared to 55.4% in 2016, illustrating this worrying downward trend.
Of course, as every business owner will understand, with a long list of other requirements and regulations to comply with, PCI DSS could well seem like just another piece of red-tape to add to the list. However, it is an increasingly important standard to comply with, because ultimately, it protects your customers’ data and helps avoid the hugely damaging impact a breach and non-compliance could have on your business.
One of the best ways to comply with PCI DSS is to reduce or remove the card data that you store and to limit the number of systems involved in processing it. By working with a specialist partner, organisations can get advice on how to do this and take advantage of services and products otherwise not available to them – services and products that consequently help to reduce PCI scope, secure your card data and validate your PCI DSS compliance.
Proactive Fraud Prevention
But the prospect of fraud isn’t a one-off battle unfortunately. Businesses must be ready to combat it at all times. Just as a cyber breach isn’t confined to 9-5 working hours, security software shouldn’t be either. Organisations must be looking to solutions that operate around the clock, offering 24/7 support.
If businesses operate in more than one region or across different time zones, it is even more important to ensure they are equipped with sophisticated security solutions. Looking to partners that can help keep card data secure at all times will ultimately build trust between the business and its customers. Beyond anything else, it’s important to work with those partners that understand the nuances of your sector and also have the experience to provide constant support across industry, size and geography.
While keeping up with compliance can feel like a daunting task, businesses don’t need to face it alone. There are a number of partners out there that can help support companies in their efforts to prevent cyber breaches – particularly when it comes to payments data. By harnessing the intelligence of experts in payments compliance, businesses can rest assured that their customers’ most valuable data will be kept safe, freeing them up to concentrate on growth.