It is estimated that by the end of 2018, debit card transactions will outnumber cash payments in the UK.
The country has well and truly embraced the prospect of a cashless future and all the advantages that it brings, but many retailers still have catching up to do when it comes to securing their card transactions – and with the impending arrival of the EU’s new General Data Protection Regulation, or GDPR, time is running out.
The EU’s GDPR will come into force on May 25th, 2018, less than six months from today, and when it does, it will bring a host of new rules for handling personal data and, importantly, new punitive measures, too.
The cost of data loss
Fines for those who fail to comply could amount to €20 million, or 4% of the company’s annual global turnover for the previous financial year (whichever is higher), and the fines extend beyond the usual bounds to include data processors as well as data controllers, so anyone processing personal data on a company’s behalf can be fined.
These fines have the ability to seriously affect a company’s profitability and could even see businesses forced into insolvency.
Security breaches are a pervasive threat to business and consumer alike. In 2016, fraud losses across payment cards, remote banking and cheques amounted to an eye-watering £716.8 million, a figure 2% higher than the previous year, and that upswing is expected to continue as cash marches on towards obsolescence.
Of that figure, 80% of financial fraud losses were attributable to payment cards and 18% to remote banking, which tells us in no uncertain terms that hackers and tech-based fraudsters are enjoying high levels of success.
Security failings aren’t solely a concern for big business either. Fraud and online crime are reported to cost small businesses around £4,000 a year, a significant amount for companies who work hard to stay profitable in our uncertain economic environment.
How to secure your payment data
Given those figures, businesses should treat a security breach as a case of “when” and not “if”, and prepare ahead of time.
In the battle against this type of crime, there are a number of steps that businesses large and small can take to begin the arduous task of securing payments.
A good place to start is to get to know your client base. Often overlooked in favour of more high tech solutions, knowing your customers is a great way to spot the early signs of fraud and prevent losses before they occur.
Unusual purchasing patterns or delivery irregularities, such as a sudden jump in order value or one card shipping to several new addresses in a short space of time, could indicate that a customer’s card details have been compromised, and a quick call to your payment processing partner can ensure that your customer doesn’t lose out – and nor do you.
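As an added illustration of the “know your customers” point, not code from the original article or from PCI Pal, the following Python sketch replays a constructed set of orders and flags the two patterns the text mentions: an order far above a customer’s usual spend, and one card number shipping to more distinct addresses than expected within 24 hours. The order records, card number, thresholds and address strings are all made up for the example; a real check would sit alongside, not replace, the checks your payment processor already performs.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample data, not real transactions: a regular customer with a
# steady history, then a burst of orders on the same (masked) card number
# shipped to addresses she has never used before.
ORDERS = [
    {"id": 1, "card": "4111******1111", "customer": "alice", "amount": 40.0,
     "ship_to": "12 Elm St, Leeds", "ts": "2018-01-03T10:00:00"},
    {"id": 2, "card": "4111******1111", "customer": "alice", "amount": 45.0,
     "ship_to": "12 Elm St, Leeds", "ts": "2018-01-05T11:30:00"},
    {"id": 3, "card": "4111******1111", "customer": "alice", "amount": 38.0,
     "ship_to": "12 Elm St, Leeds", "ts": "2018-01-08T09:15:00"},
    {"id": 4, "card": "4111******1111", "customer": "alice", "amount": 50.0,
     "ship_to": "12 Elm St, Leeds", "ts": "2018-01-10T17:45:00"},
    {"id": 5, "card": "4111******1111", "customer": "alice", "amount": 44.0,
     "ship_to": "12 Elm St, Leeds", "ts": "2018-01-20T09:00:00"},
    {"id": 6, "card": "4111******1111", "customer": "alice", "amount": 460.0,
     "ship_to": "Unit 7, Riverside Ind. Est, Hull", "ts": "2018-01-21T12:00:00"},
    {"id": 7, "card": "4111******1111", "customer": "alice", "amount": 30.0,
     "ship_to": "3 Station Rd, Derby", "ts": "2018-01-21T13:00:00"},
    {"id": 8, "card": "4111******1111", "customer": "alice", "amount": 35.0,
     "ship_to": "9 Harbour Way, Plymouth", "ts": "2018-01-21T14:00:00"},
]


def flag_orders(orders, window=timedelta(hours=24), spike_factor=5.0,
                min_history=3, max_addresses=2):
    """Return {order_id: [reasons]} for orders that look out of pattern.

    Orders are replayed in timestamp order and each is judged only against the
    history that preceded it, so the result matches what a live check at
    checkout time would have produced. Thresholds are illustrative assumptions.
    """
    prior_amounts = defaultdict(list)   # customer -> amounts of earlier orders
    prior_shipments = defaultdict(list) # card -> [(timestamp, ship_to)] of earlier orders
    flags = {}

    for o in sorted(orders, key=lambda x: x["ts"]):
        ts = datetime.fromisoformat(o["ts"])
        reasons = []

        # Rule 1: amount far above the customer's established spend. Median is
        # used so one earlier large order does not mask a spike.
        hist = prior_amounts[o["customer"]]
        if len(hist) >= min_history and o["amount"] > spike_factor * median(hist):
            reasons.append("amount_spike")

        # Rule 2: one card shipping to many distinct addresses inside the window,
        # counting the current order's address as well as recent earlier ones.
        recent = {addr for t, addr in prior_shipments[o["card"]] if ts - t <= window}
        recent.add(o["ship_to"])
        if len(recent) > max_addresses:
            reasons.append("address_burst")

        if reasons:
            flags[o["id"]] = reasons

        # Only now does this order become part of the history.
        hist.append(o["amount"])
        prior_shipments[o["card"]].append((ts, o["ship_to"]))

    return flags


if __name__ == "__main__":
    for order_id, reasons in flag_orders(ORDERS).items():
        print(f"order {order_id}: {', '.join(reasons)}")
```

Order 6 is flagged for its amount (460 against a median of 44 on the card’s history) and order 8 for being the third distinct delivery address on that card within 24 hours; orders 1 to 5 and order 7 pass. Anything flagged is a prompt to pick up the phone to your processor, not an automatic decline.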
Another important step, but one which is surprisingly often forgotten, is to ensure that your software systems are up-to-date with the latest security patches and fixes. High-tech fraud is on the rise, and an unpatched vulnerability can offer attackers an open door into your systems and easy access to the card and customer data they hold.
Having a clear and concise risk management strategy should also be a top priority.
Ensuring staff are well trained and know what to do in the case of a data breach or security issue can limit the damage done, and a workforce that knows its responsibilities will also help to close loopholes and secure data day to day; they’re also an invaluable long-term asset to any business.
Thankfully, those who handle card payments have an advantage when it comes to data protection and preparation for the GDPR – the PCI DSS.
PCI DSS, or Payment Card Industry Data Security Standard to give it its more formal name, sets out security requirements for any organisation that stores, processes or transmits cardholder data, to help them do so securely and avoid card fraud.
Adherence to the PCI DSS is a solid primer for the arrival of the GDPR and, given that the card schemes require it of every business that accepts card payments, is something that businesses should consider their most important step as they look to shore up their payment security protocols.
It may appear daunting at first glance, but achieving PCI DSS compliance isn’t the mountain to climb that many think, and choosing an outside consultant or partner to help guide you through the process can really alleviate the pressure felt.
Once compliance has been achieved, much of the GDPR will feel familiar, so ticking off PCI DSS compliance (and maintaining it) should most certainly be viewed as providing a solid foundation upon which to build your GDPR compliance and overall security profile. Bear in mind, though, that PCI DSS covers cardholder data only, whereas the GDPR applies to all personal data you hold, so it is a foundation rather than a substitute.
Investment in security should be viewed as critical in the current retail environment. Money spent on ensuring payments and systems are secure will only pay dividends to businesses in the long term.
Aside from underpinning customer faith and your company’s reliability, it greatly reduces the risk of life-changing fines and of going out of business because of the actions of an outside party, and ultimately, beefed-up security means that you and your colleagues can rest easy and not worry – and what price can you put on peace of mind?
Tony Smith is sales director EMEA at PCI Pal