The payment transaction consists of critical customer data, representing a significant value opportunity to both the customer and the potential hacker. The primary account number provides the validation link to the bank account, while the CVV shown on the card gives a good indication that the card, expiry date and customer are valid. All of these are critical pieces of data.
Protecting this sensitive card data at all costs is a given: it maintains your customer's trust in, and the credibility of, both your brand and your business as a whole.
For the retailer, the financial risk and the loss of this credibility cannot be overstated. Consider some of the high-profile breaches of security data over recent years to understand the impact on the retailer:
The average total cost of a data breach is £3m
None of the companies breached during an investigation by the Verizon PCI DSS investigations team were PCI-DSS compliant
Your payment acquirer can be fined up to £75k per month for a merchant’s non-compliance. The acquirer will find a way to recoup these losses
69% of customers are less inclined to buy goods from a breached retailer
80% of retailers are still not compliant
Card Numbers, PINs and Card Verification Values are the most attractive to would-be hackers, which the PCI council refer to as Sensitive Authentication Data. Remember, you can purchase some items from high-profile websites using just the Card Number and Expiry Date. The value of this data is a significant motivation for the criminal hacker to consider attacking your payments environment.
Formulating a well-thought-through security strategy for your payments environment is a critical activity and a step in the journey to effective protection. Key to this strategy is the answer to the question:
Do you focus resource on better protecting your data assets or should you work to remove the temptation from your environment?
In simple terms, 'when' a breach occurs, hackers finding de-valued card data will be unable to purchase goods with this data. We believe de-valuing this critical data is the key to efficiently managing the risk of payments - being secure by design.
Card Tokenisation is the key to this de-valuation process and to significantly reducing your PCI-DSS compliance scope, allowing you to better manage the risks of payments and focus your energies on driving revenue.