Another month, another two data security breaches – this time for Sears Kmart and now possibly Staples. But that’s just the USA’s concern, right?
Wrong. UK retailers, particularly smaller businesses, can sometimes struggle to relate to incidents in other markets if they don’t directly impact their own performance.
In the case of the USA’s string of customer information compromises, this scepticism is understandable; after all, Europay, MasterCard and Visa (EMV) chip technology is fully rolled out over here, whereas adoption levels Stateside will only reach around 47% by the end of the year.
But in today’s global society, news – especially bad news – travels fast, and US-based concerns are likely to impact UK retail if they have not done so already.
For starters, the increased profile of data security affects consumer confidence.
A recent poll revealed 45% of US credit and debit card holders are likely to avoid retailers that have been affected by a data breach in the last year.
This will stoke the fire of wider international concerns about just how safe shoppers feel paying for goods with plastic.
Secondly, every mistake involving data calls into question the security measures put in place by the affected retailer.
Add the sequence of recent breaches together, and the issue of Payment Card Industry (PCI) compliance is rising steadily up the retail agenda as businesses look for ways to avoid becoming the next victim.
What makes the issue even more critical is that it’s understood Sears Kmart at least was PCI Data Security Standard-compliant. So what could have gone wrong? It is likely malware was used to exploit point of sale operating systems, which either hadn’t been patched or weren’t being scanned.
The composer Peter Maxwell Davies once said “an audience shouldn’t listen with complacency”. In the case of the recent US troubles, neither should UK retailers.
Britain may be a world leader in payment technology, but hackers are working tirelessly to circumvent the security measures in place – and according to Verizon, only 11% of retailers were fully compliant in 2013.
The breaches themselves might be US-centric, taking place in the store environments of US retailers, but the issue is a global enterprise, so expect cloned cards to hit the UK high street some time soon (US-issued cards account for 38% of total fraud on foreign-issued cards at UK-acquired merchants*).
Only by embracing the latest standards as a minimum, both at the Point of Sale and across the network, can companies minimise their chances of becoming the next victim.
* Fraud the Facts 2014 report, www.financialfraudaction.org.uk in conjunction with The UK Cards Association
- Kevin Burns is head of solution architecture at Vodat International