Data protection tips for the online shopping season

Singles Day, the world’s biggest online shopping event happening on November 11 (11.11), is a big day for many retailers, especially with the increasing trend of online shopping globally.

With the shift towards omni-channel retail experiences, Patrick Wong, head of Security Engineering, APAC at Verizon, reminded that it’s important for retailers to keep customer data, including payment card data, secure across devices and channels, “while more sophisticated security features like two-factor authentication have been added to credit and debit cards over the last decades, it is just part of the answer. Retailers must make sure that they have robust security measures in place. Otherwise the customers’ data may be left vulnerable—and a data breach could ruin anyone’s mood to shop.”

Protecting data during and after the transaction is crucial to payment security and Verizon shared these recommendations for retailers:

• Be vigilant for evidence device tampering. Retailers should conduct regular checks of all devices that capture payment data. This should include training employees to recognise signs of tampering and make sure that devices are stored securely when not being used.
• Encrypt data using the latest, more secure, methods. Websites and apps should be built using secure coding techniques and use the latest version of TLS. For in-person payments, point-to-point encryption (P2PE) protects data from the point-of-sale (POS) until it reaches a secure decryption environment.
• Make sure everyone who processes the customers’ payment cards, including the third parties, have robust identification and access policies. This includes changing all default passwords, using strong authentication and making sure that users don’t share accounts. Don’t keep any more data than you absolutely need, keep it longer than you need to, or give anybody access unless they need it to do their job, Verizon advised.
• Invest in your employees. They can be your greatest asset or your biggest weakness. Provide them with training so they can identify threats and raise the alarm, and monitor and measure the effectiveness of security controls. This is crucial to building a sustainable control system, one that stays effective as the company and the threat landscape change.

Verizon’s research has found that cyberattacks target businesses of all sizes and just one data breach could have a long-lasting impact on a company’s reputation.

“Keeping customer data safe isn’t just about passing a test once,” said Wong. “The security controls are being tested every day, and they need to be both robust and resilient. Customers put their trust in your business every time they make a purchase. Don’t let them down.”