The Era of the Breach
By Amy Zirkle, Vice President of Industry Affairs, Electronic Transactions Association
When it comes to data breaches, the question is no longer if your company will be targeted – but when. The Identify Theft Resource Center recorded 1,093 data breaches in 2016, up 40% from 2015. These breaches collectively exposed over 36 million personal records. Criminals are becoming more adept at exploiting the vulnerabilities created when data is travelling from one point to another. Data from IBM and the Ponemon Institute suggests that data breaches are more expensive in the United States than in any other economy studied, with the average data breach costing a company $7.35 million in investigations, customer notification and public relations, customer loss, legal remedies, and more. By comparison, the average data breach in the United Kingdom only costs $3.10 million (less than half). Data breaches are uniquely damaging for US companies.
But even though data breaches are inevitable, the damage they cause does not have to be. Companies have several tools at their disposal to both guard their systems against breaches and to lower the cost of the breaches that do occur. The most important such tool is robust, end-to-end encryption. This is particularly important in a payments context, when cardholder information might travel through several different channels on its way from the consumer to the merchant. There are many access points at which a malicious actor could intercept that information, but if the data is encrypted, then it is effectively worthless.
Despite the desperate need for encrypted data, companies have been slow to adopt encryption. Sophos found that only 54% of companies in the United States make extensive use of encryption. 28% of these companies say they lack the knowledge and expertise to properly deploy an encryption strategy. While encryption is an investment, it need not significantly disrupt an organization’s budget or workflow. But there is an art to knowing where to begin.
To help merchant service providers – and their customers – understand the nuances of a robust encryption strategy, ETA is pleased to present the second installment of our Payments Secured webinar series: Encryption & The Merchant Case for Devaluing Data at the Point of Entry. Featuring experts from Bluefin, FreedomPay, and MicroFocus, this webinar will answer the most frequently asked questions and address the most common misconceptions about encryption. Starting with an overview of encryption, a history of how we got here and how encryption fits into a payments context, this panel of experts will present a strong case for encrypting your data at the point of entry. To learn more and register, click here.
