In 2016, retail sales made through online transactions or paid for over the Internet on a device reached almost $2 trillion. Almost 50% of these digital payments were made by people in Asia Pacific countries. Reports published by eMarketer indicate an upward trend, and there is a strong indication that e-commerce in the Asia Pacific region will go up by 6% this year.
On the other side of the table is the question of cybersecurity. Just recently, the United Kingdom charged an 18-year-old student with launching one of the largest international cyberattacks to date. This news has made the public uneasy about making online payments once again, with issues about the protection of privacy, identity and money brought forth anew and threatening the momentum that the e-commerce industry and many business establishments, online and offline, have so far gained.
Generally, cybersecurity is defined as a body of technologies, processes and practices designed to fight off or prevent any damage, attack or unauthorized access to networks and computer systems. Data protection is just one of the aspects of cybersecurity and the security industry has been very vigilant in monitoring both cyber and physical threats to digital, online security.
Still, the first responder and the first line of defense against a cyberattack is you.
The fundamental rule of security is always learning to defend yourself. This is what businesses today are doing, especially those with physical locations that accept cashless payment. What’s clear is that protecting one business from a potential cyberattack is tantamount to protecting all customers across the table. In the same breath, protection for the customer begets higher confidence and trust in the online payment system, which eventually benefits the whole e-commerce industry. As cybersecurity encompasses everything – IoT, big data, AI, robotics and all things tech – its benefits trickle down to all end-users.
But the reality is that authorities can only do so much. Data breaches have happened across the globe, and we have heard reports about credit card scams, ATM skimming, identity theft and other types of online security breaches. Protection at the Point of Sale (POS) is key to shielding your business from these attacks. The first steps to take are outlined below:
- Mind the Law
The PCI DSS (Payment Card Industry Data Security Standard) is a cross-border standard that protects online users who put their banking data out into cyberspace. All business establishments, organizations and website owners, in fact everyone on the Internet, are required to be PCI-compliant. It ensures that all online payments are made in a secure environment. Complying with PCI DSS means you are following rules and best practices that will help you control and protect data, people and processes. These rules are applicable whether you are doing your business online or in a physical store.
- Use encryption
Thankfully, modern POS systems are now highly advanced, with data protection and security assured to the last byte. However, given the cost of high-end POS systems, small businesses are often tied to less sophisticated POS systems. But this doesn’t mean they are less secure. All POS systems have an encryption function, even the older models. Encryption is the first line of defense at the POS, and all the user needs to do is be diligent enough to make sure the fundamental rules of encryption are followed, i.e. regular code or password changes. This type of cybersecurity has always been effective because it is done at the initial stages of a digital transaction. Any effort to breach data or install malware is immediately prevented through encryption.
- Data Clean-up
In the digital world, security can’t get any more basic than cleaning up data. But in the case of e-commerce, data clean-up is a critical element in POS security.
Every time a customer swipes his or her card to make a payment, the data from the card is stored in the system. In some cases, data is kept in the system to make it convenient for a regular customer to make another payment at another time. Of course, this is not the wiser option. To ensure that the data is protected, retailers need to make sure that it is wiped off the system as soon as possible after the transaction. This makes it impossible for hackers, or even those who have digitally or physically monitored the transaction, to use or steal the data. If, for any reason, credit card data needs to be stored, using hardware security modules for data encryption is the best way to go. Experts recommend using E2EE (End-to-End Encryption) and P2PE (Point-to-Point Encryption). In any case, if it can be avoided, do not store data on site.
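As an added illustration of the data clean-up step (not code from the original article), the Python example below scans POS log lines for card numbers left behind after a transaction and masks them to the common first-six/last-four form. The log format, function names and sample lines are assumptions made for the example; the card values are widely published test numbers.

```python
import re

# Candidate card number: 13-19 digits, optionally split by single spaces/hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits):
    """Luhn checksum; filters out order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(digits):
    """Keep the first six and last four digits, mask the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scrub_line(line):
    """Return (scrubbed line, count of card numbers masked in it)."""
    found = 0
    def repl(match):
        nonlocal found
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)        # not a card number: leave untouched
        found += 1
        return mask(digits)
    return CANDIDATE.sub(repl, line), found

def scrub_log(lines):
    """Scrub all lines; return (clean lines, 1-based line numbers that held card data)."""
    clean, hits = [], []
    for number, line in enumerate(lines, start=1):
        scrubbed, found = scrub_line(line)
        clean.append(scrubbed)
        if found:
            hits.append(number)
    return clean, hits

# Constructed sample log (hypothetical format); card values are public test numbers.
SAMPLE_LOG = [
    "2017-03-01 12:00:01 SALE ok card=4111111111111111 amount=25.00",
    "2017-03-01 12:00:09 SALE ok card=5555-5555-5555-4444 amount=9.50",
    "2017-03-01 12:01:30 REFUND order=1234567890123456 amount=9.50",
    "2017-03-01 12:02:00 heartbeat terminal=7",
]

if __name__ == "__main__":
    print("\n".join(scrub_log(SAMPLE_LOG)[0]))
```

The line numbers returned by `scrub_log` show where card data was being retained, which is the finding to act on; masking the log afterwards only removes the copy that was found.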
Cybersecurity is never a question of whether you need it or not; it’s a question of how much you need it. For restaurants and retailers (and their clients) that are exposed to risks every time a credit card is swiped, security should always be at the top of the priority list. Being up to date with technology is one way to reduce risks, but admittedly, the cost can blow a hole in your small budget. Fortunately, there is an option to use SaaS (software as a service), which is simple and less costly for any struggling entrepreneur to afford. In using SaaS, you only need to pay a fee to receive technical support and get regular updates to the software to keep your system secure. Even at a lower cost, it achieves the bottom line of your defense – to protect customer information.