Quick Stats

Quick Stats

    You are here

    Best Practices for Fighting Cybercrime

    Small and medium-sized retailers face the same threats as big chains.

    By Paul Kleinschnitz, First Data Corp.

    Some convenience store owners don’t have the same financial resources as larger, big-box merchants, putting them at a heightened risk for security breaches. There is also an underlying misconception that tends to permeate small and medium-sized businesses (SMBs): Many believe they are not at risk for breaches because criminals are targeting “the big guys.”

    It can be tempting to ignore data security measures, but the reality is that SMBs face as much risk and liability as big businesses. In fact, a Trustwave security study found that 90 percent of data breaches impact small businesses. Despite fraudsters’ criminal tendencies, they are intelligent and know that small companies may not implement the same security measures as their larger counterparts, making them easy targets that are more susceptible to cybercrime.

    Understanding best practices pertaining to data security is one of the most important steps c-store owners can take to protect their business and customers from breaches.

    Here are three points of emphasis to ensure payment technologies are up to date and meet the recommended standards to fight cybercrime.

    1. Layer Technologies

    Data breaches can be costly, especially to c-store operators that have less flexible income to dedicate to unforeseen security issues. Understanding the solutions available can help merchants reduce risk and implement a cost-effective safeguard for sensitive data. By utilizing encryption and tokenization, merchants can minimize security weaknesses, address authorization vulnerabilities and protect stored card data.

    Encryption is applied at the swipe, encoding a card’s number so that if criminals access the data, the numbers are jumbled and cannot be used. Tokenization creates a “token” in place of the credit/debit card number so that the real card data is no longer present in a c-store’s system.

    Encryption and tokenization protect cardholder data as it is used by the merchant, and are barriers to cybercriminals if they try to steal this data from a payment system. Taking this approach to data security means that merchants not only minimize fraud, but also protect the cardholder data once the payment method and consumer are validated.

    2. Implement Compatible POS Systems

    Proactively updating point-of-sale (POS) devices to be compatible with newer security and EMV (Europay, MasterCard and Visa) technology is another critical step for c-store owners to take.

    EMV prevents a specific type of fraud — counterfeit cards presented at the POS — by using a processing chip that is read and validated at the terminal vs. traditional cards that use a magnetic stripe that is activated when swiped.

    These EMV smart chips enable more robust cardholder verification to protect against consumer-level fraud. Luckily, EMV technology is increasingly accessible, as more devices on the market now enable c-store owners to upgrade or replace their POS devices so that they are EMV compatible and can read the microchips.

    Coupling EMV with encryption and tokenization enables c-store owners and operators to protect their customers’ data and combat fraud in a comprehensive way.

    3. Choose a Preferred Partner

    Lastly, c-store owners and operators need to go one step further and work with their trusted financial institution or a merchant processing partner that can help them understand their data security responsibilities, review available solutions and implement a plan to ensure long-term business protection. A valuable partner’s job is to keep clients informed of potential risks and consequences and arm them with the technologies necessary to keep personal payment data safe.

    Financial institutions and merchant processors can help c-stores implement the measures needed to deploy a layered, comprehensive security program to ensure they are protected from cybercriminals. While a c-store owner/operator can certainly take these steps independently, consulting with a trusted advisor will give them and their customers the confidence and peace of mind in knowing their store is protected to the best of their capabilities.

    More than 1.1 billion records have been compromised in the last 10 years, according to a recent study conducted by the Ponemon Institute. This figure clearly illustrates that c-store operators must proactively protect their businesses to avoid financial and reputational costs and expenses.

    Layering EMV, encryption and tokenization, and working with a trusted partner are best practices for c-store owners and operators to implement for maximum data security.

    Editor's note: The opinions expressed in this column are the author's and do not necessarily reflect the views of Convenience Store News.

    By Paul Kleinschnitz, First Data Corp.
    • About Paul Kleinschnitz Paul Kleinschnitz serves as senior vice president and general manager of the Cyber-Security Solutions Team at First Data Corp. This team represents the integrated technologies that help merchants and financial institutions effectively manage cybersecurity and fraud. In this leadership role, Kleinschnitz is responsible for guiding First Data’s cybersecurity initiatives and equipping its clients with the right defenses in the ever-expanding threat landscape. He holds a degree in computer science from Oklahoma Christian University.

    Related Content

    Related Content