Getting to grips with cyber security is one of the most crucial tasks businesses face in 2016. With the levels of attacks escalating and awareness among consumers increasing, keeping data secure – and retaining the trust of your customers to do so – will be an important part of success.
The figures provide some stark reading. Research from the UK government published in June 2015 shows that 90% of large organisations suffered information security breaches the year before [1], as did 74% of SMEs. Again, the cost implications are troubling. The average cost of the most severe breach for companies with 500+ employees is £1.46m-£3.14m. For SMEs it’s £75,000-£310,800 – a level that can do significant damage to a business.
Consumers are also becoming increasingly aware of the threats. Deloitte research shows that one in five of them have had personal details stolen and their bank accounts used to buy goods and services as a result of a cyber security breach [2]. Yet only 23% are confident that companies are transparent when using personal data, and almost three-quarters of them said they would reconsider using a company if it didn’t keep their data safe.
While many businesses worry that overt security measures could damage the customer experience and send their customers elsewhere, the opposite is more likely to be true. When a customer entrusts you with their personal data it’s essential that you take every possible step to protect that data. It’s a tricky balancing act – keeping customer experience at the forefront while keeping their security equally well catered for behind the scenes – but it’s an essential part of any successful business.
1. Forewarned is forearmed
Large data breaches don’t hit the headlines every day, but that doesn’t mean that fraud is not an ongoing occurrence. Whether you run a large multi-national corporation or a small business, especially if you deal with customers online, by telephone or mail order, it pays to be prepared for an attack.
Paul Jevons, Head of Security and Fraud Products, Barclaycard, says: “An easy way for businesses to stay one step ahead is to carry out a risk assessment of their business to help them understand what information they're holding and where. This will also help them identify who is likely to want that information, its potential value, and the controls they need to have in place to protect it.”
2. CNP fraud on the rise
Despite a fall in overall card fraud, one particular type is on the rise and that’s card-not-present (CNP) fraud. As chip card technology has largely thwarted the criminals, their attentions have shifted to online fraud, targeting online purchases that don’t require a physical card.
According to a recent report by Financial Fraud Action, while spending on cards increased by 50% between 2008 and 2014, overall card fraud losses decreased by 21%. However, during 2014 CNP fraud losses accounted for about 70% of total UK card fraud.
One way to help reduce the risk of your business and your customers’ data being compromised is to set up a secure website for all payments you take online. Simply by using a secure, fully hosted payment page that is managed in accordance with the controls described by the Payment Security Standards Council, rather than relying on your own website to take payments online, you can help reduce the number of fraudulent transactions getting through.
3. US changes could spell trouble for UK merchants
Just as the rise of chip and PIN prompted fraudsters to look at the CNP market, there are fears that the arrival of chip technology in the US will mean that UK businesses need to be on the alert for criminals looking elsewhere to find a loophole.
It often happens that when one area is closed down to fraudsters, they turn their attention elsewhere. Experts say that criminals quickly realised that attacking a chip and PIN environment wasn’t worthwhile, because the data they could access within it was of little value to them. So when the US adopts chip and PIN, the UK could see an increase in e-commerce fraud as fraudsters look for other routes outside of the US.
4. Criminals are always on the lookout for the next way in
New technology can help merchants fight the fraudsters, but it pays to be fully aware of how new technology works and keep an eye out for vulnerable areas.
If, for instance, you’re using new technology to store your customers’ data, make sure you understand how it’s implemented and what controls are used to protect your information.
Do you know where the data is being stored? Just by having an understanding of what controls you need to put in place to protect the data, and by questioning whether the data you’re storing is likely to be attractive to criminals, you’ll get a better overview of the measures you need to put in place to keep that data as safe as you possibly can.
5. Be safer by being compliant
Any business taking payments by card needs to adopt the Payment Card Industry Data Security Standard (PCI DSS), which offers protection for both your customers and your business.
Being PCI DSS compliant means that you have the support in place to minimise the impact of any potential security breaches you may face. That can mean helping to protect against the financial implications of an attack, while also helping to guard against any reputational damage that might arise as a result.
It also offers your customers a sense of security. While being compliant won’t stop an attack, it does put you in the best position to prevent one. And when customers trust your organisation with their personal data, keeping it secure could be an important part of them continuing to do business with you.