NCR CORONAVIRUS RESPONSE RESOURCES

Cybersecurity in the digital market space amid COVID-19

Published April 24, 2020


 

With many businesses having to temporarily close their storefronts amid the global coronavirus pandemic, many have turned to ecommerce to keep selling their products. While this is a logical transition, those who are new to the online space may encounter issues they are ill-prepared to face, including cybercrime.

While data breaches affecting large corporations get the most press, cybercrime is on the rise among smaller companies as well. In fact, 43 percent of cyber-attacks targeted small businesses in 2019. Given that a single breach can have long-term repercussions that devastate a business, owners need to make cybersecurity a top priority.

 

What are the possible negative effects of a breach in security?

Cybercrime’s effects are multifaceted. Let’s say your business is a pizza restaurant franchise with half a dozen locations. You process orders in-store, over the phone and online. To streamline the ordering process, you maintain a database containing customer information, which includes credit card data.

 

Digital destruction

Now, let’s say your company’s system is infiltrated by hackers that want the credit card information you keep on file. The most immediate consequence of the hack will be damage to your business’ digital infrastructure: the virus or other malicious program used to access your system can render your company’s software inoperable.

 

Business disruption

Similarly, the simple act of opening an infected email could lead to every computer terminal on the company’s network being locked down by destructive ransomware. And since contemporary businesses rely on computers for everything from point-of-sale checkout to inventory management to payroll, your company won’t be able to do business until any computer issues are fully resolved.

 

Reputation damage

Worst of all, depending on the severity of the breach, the recovery process could take hours, days or even months—making it impossible for you to run your business for an extended period of time after the breach. 

In addition to repair and downtime costs, there’s also the issue of notifications. If your company does business in 48 of the 50 states, you are required by law to notify anyone whose personal information may have been exposed in the breach.  

As you can imagine, the response to a notification of this kind is negative. In fact, a third of consumers stop doing business with companies after a hack. Therefore, those notifications could seriously impact your company’s reputation.

 

Financial liability

Finally, your business may be liable for hundreds of thousands of dollars in fines from your company’s bank. Your company’s bank is adamant about protecting your customers’ financial information, so you will inevitably be required to pay fines for a breach in compliance.

 

Why cybersecurity is critical

Due to the triple hit of system repair, reputation damage and financial penalties, 60 percent of small businesses close six months after a data breach. However, by investing in a few robust cybersecurity solutions, owners can drastically reduce their company’s risk of being hacked. 

Because of the pervasiveness of cybercrime, the Federal Communications Commission (FCC) has established a resources page to help small and midsize businesses protect themselves. The FCC’s most important recommendation is that businesses establish best practices to bolster their cyber-defenses. 

 

Cybersecurity best practices

  • Establish and maintain policies about the handling of all customer information and company data 
  • Create and enforce policies about employee Internet browsing on company hardware, regular software updating, and the regular setting of new strong passwords 
  • Implement basic cyber security hygiene. That could include the following, among other actions: 
    • Regular updates to complex passwords 
    • Software and hardware updates in a timely manner 
    • Well-managed new installations 
    • Limit user counts 
    • Back up data
    • Run basic malware prevention and anti-virus technology 
    • Keep current with security patches for technologies used in the merchant’s environment  
  • Create a data breach plan that involves strict procedures and a clear chain of command 
  • Regularly hold meetings informing staff of new kinds of data breach threats and refresh everyone on the company’s cybersecurity policies 
  • Back up critical information such as financial files, human resources data, payroll information and inventory data weekly, ideally to a cloud server
  • Partner with a payment card processor that is compliant with the Payment Card Industry Data Security Standard (PCI DSS) and which provides Breach Insurance 
  • Maintain your PCI Compliance 
  • Wherever possible, use a processor or gateway where the cardholder data is entered into your processor or gateway, minimizing any cardholder data you may retain.

 

Why payment card security is the cornerstone of cybersecurity

While best practices listed above are essentially common-sense security measures applied to the digital space, payment card security is a bit more complicated.

To combat the worldwide issue of debit, credit and prepaid card fraud, the major card brand companies (Visa, MasterCard, American Express, etc.) established a series of standards to improve fraud security. These standards are called the Payment Card Industry Data Security Standard (PCI-DSS) and they deal with how best to accept, process, store and transmit payment card data.

Although there are no laws mandating businesses adhere to the PCI-DSS, the individual card brands assess fines to the financial institution that processes your payment card transactions if a data breach creates a compliance issue. Depending upon the card brand, these fines can total between $5,000 and $100,000 for every month an affected party remains out of compliance.

Furthermore, if the merchant affected isn’t PCI-compliant, but the financial institution is, banks will often shift liability for those fines to the merchant. Therefore, it’s clear that striving to be PCI-compliant should be the cornerstone of any company’s cybersecurity strategy.

 

How to address the problem of payment card security

For even the most tech-savvy organizations, payment card security can be a real challenge. If your company accepts payment cards in person, over the phone or online, the PCI-DSS mandates hundreds of different controls regarding the handling of customer data.

To relieve the pressure of meeting all those controls, it’s recommended that merchants partner with a PCI-compliant payment card processor. Ideally, small businesses should choose a card processor that utilizes cutting-edge cybersecurity methods, such as the tokenization of payments, to further minimize risk, and that allows your customers to enter their cardholder data directly into the gateway or processor (as with an iframe), so you never “touch” that cardholder’s data.

 

How NCR can help

The benefit of tokenization is that, as soon as the sensitive payment card data is captured, it’s replaced with an algorithmically generated, unique number sequence called a token. Consequently, the customer’s data is protected from hackers because it isn’t stored in the merchant’s computer system (only the token data is). And token data cannot be reverse engineered into payment card data.

Because NCR uses tokenization and robust encryption to process card transactions, the number of PCI controls our partners need to maintain for compliance drops from 335 to 35. 

Adopting cybersecurity best practices and becoming PCI-compliant can be mission-critical to your company’s long-term success, as well as its short-term success in weathering the challenges of shifting to ecommerce. Not only can those measures lower your business’s risk factor for a data breach, they can also mitigate the damage if one does occur.

Finally, such measures also help prevent payment card fraud, protecting your company’s bottom line by reducing chargebacks, reimbursements and legal claims.

NCR’s affordable payment card processing services, in both the physical and online space, are both PCI-compliant and encrypted. As such, our clients can rest easy knowing that their customers’ data — and their own reputations — are being protected by some of the most sophisticated and most trusted cybersecurity technology currently available. 

Contact us today to optimize your company’s payment card security. 

 

In times of uncertainty, NCR is ready to help

NCR is committed to helping businesses of all sizes navigate the many challenges of the COVID-19 outbreak. For more information, contact NCR. 

Our experts are in the trenches with our customers, working hard to help provide guidance, solutions and recommendations.

You can find us at NCR.com/payments, have us call you back, call us at 1-800-834-4405 or email us at Assist.payments@ncr.com.

 
