7 Must-Have Data Security Measures

New report lists best practices, although retailers slow to implement them

BOSTON -- With the goal being a “multilayered” approach to data security, retailers focused on EMV need to implement additional measures and infrastructure to properly reduce risk, according to a recent report.

Risk-management firm Boston Retail Partners recently released a study called “Beyond EMV: Best Practices for Payment Security,” which highlights six security strategies critical for a high level of protection. These measures include:

  • Europay MasterCard Visa (EMV) compliant payment terminals
  • E-commerce controls, which include processes and standards to monitor electronic commerce
  • Network segmentation, referring to the separation of payment-related communication lines from other store systems
  • Secure communication protocols, or processes to regulate system access
  • “End-to-end” encryption, which uses coding and encryption “keys” to secure data
  • Tokenization, which turns data into unrecognizable symbols for transport
  • Comprehensive internal set of security policies and practices, which covers multiple access and permission issues involving employees

“Industry best practices dictate that the most effective strategy is a multilayered security approach,” said Perry Kramer, vice president and practice lead for the Boston-based firm.

Retailers, however, have a ways to go to implement many of these options. According to Boston Retail’s 2016 POS/Customer Engagement Survey, even after the liability shift deadline of last October for in-store point-of-sale (POS), only 22% of retailers support these transactions, with another 53% of retailers still planning to implement the capability within 12 months.

The study also found that 49% of retailers have implemented end-to-end encryption and 35% have implemented tokenization of payment data “at rest.”

“Increasingly, retailers are realizing that simply meeting PCI [or Payment Card Industry] compliance standards is no longer sufficient to protect customer data,” said Ryan Grogman, vice president of Boston Retail Partners. “Hackers are becoming more sophisticated, requiring organizations to reanalyze and revamp their current security protocols to adequately protect their customers’ payment and personal data. Retailers who have not implemented these technologies are at high risk, as the likelihood of being targeted by hackers increases every day.”

Unfortunately, even as retailers focus their efforts on EMV and increasing data security in-store, fraudsters have recognized gaps in online security and are shifting their efforts to the exploitation of e-commerce sites, Boston Retail officials said in their study. Online transactions create a unique set of security challenges. To protect against fraudulent online transactions, retailers must implement a rules-based fraud detection tool, auditing suspect transactions and authorizing legitimate ones, they said.

Boston Retail Partners is an independent retail management consulting firm that combines its retail business knowledge and cross-functional capabilities to design and implement strategy, technology and process solutions.
