Guest Column | October 4, 2013

5 Ways To Minimize Threat Of Data Breaches

By Tedd Huff, Director of Product Management, TSYS' Merchant Segment

Payment processors can work with their acquirers and independent sales organizations (ISOs) to help minimize the threat of data breaches. Here are five ways:

  1. Understand the environment to make sense of what the market has to offer to assist with minimizing data breach threats. This requires the processor to understand in greater detail the environments in which their acquirer and/or ISO merchants are operating, and offer new solutions that meet a variety of needs and abandon the one-size-fits-all approach to security. A multi-layered solutions approach is a great example of how to serve a broad base of merchants.
  2. Learn why being PCI compliant and choosing the right partner to provide solutions to assist with achieving and maintaining compliance is of paramount importance. Achieving and maintaining PCI compliance requires a merchant’s continued active focus and commitment. ISOs and acquirers who market their products as PCI compliant need to emphasize to their merchants their continuing efforts to remain compliant. Also, it is important to keep in mind that no solution can completely remove a merchant's need to be PCI compliant; there are some unpredictable circumstances that can put cardholders and merchants at risk even with a validated solution.
  3. Understand the importance of compliance with PCI requirements on an ongoing basis. First and foremost, ISOs and merchant acquirers must educate themselves on the part or parts of the PCI compliance chain in which they do business. Secondly, they must identify processes, procedures and solutions that can limit exposure. Generally, the better protected the merchant is — whether it is with education, P2PE, tokenization, scanning services, or even breach protection — the lower the risk and the easier it will be to maintain compliance on an ongoing basis.
  4. Remain educated about security and compliance. It is critical that merchants understand the importance of being protected, as one suspected breach and the associated forensic costs could cost them their business. Acquirers and ISOs should educate their merchants by providing a realistic look at the risks involved, while also equipping them with tactics for effectively reducing and mitigating those risks.
  5. Keep attention on PCI compliance. The amount of time an entity devotes to the daily active process of being PCI compliant should be based on the level of risk to each player in the ecosystem. PCI compliance is very important for merchants of all sizes, but time spent on compliance will depend on transaction volume, which increases risk and chance of fraud. A huge lesson learned from previous breaches is that merchants need more education and tools to help them protect themselves. Educating merchants on the capabilities and benefits of encryption and tokenization tools empowers them to be the first line of defense against fraud.

Tedd Huff is the director of product management for TSYS' Merchant Segment, which offers the Guardian℠ security suite of products, including encryption, tokenization and PCI compliance solutions.