What’s next for data security?
According to Boston Retail Partners’ 2015 POS/Customer Engagement Benchmarking Survey, payment security ranked among the top three priorities by retailers for 2015 for the first time in 16 years. More than 63 percent of the respondents indicated payment security, and protecting the confidentiality of sensitive information is among their top-three priorities.
The emphasis on payment security is front of mind as many stores are rushing to meet the October 2015 deadline to support EMV (Europay, MasterCard and Visa). In October, retailers without EMV-capable payment terminals will be liable for the cost of fraud-related chargebacks if a lost or stolen card is used in their stores.
Ten of the retail respondents to the Boston Retail Partners (BRP) survey already support EMV-based transactions and another 65 percent plan to support them by the October deadline. The survey of more than 500 top North American retailers was taken in November and December.
Encryption and tokenization are seeing strong investments from retailers. EMV weakens the incentive for thieves to steal credit card information by requiring that the physical card (and its security chip) be present at the transaction, but does not actually reduce the risk of a breach, BRP noted.
Thirty-five percent of survey respondents indicated they are already able to encrypt credit card data at the swipe and another 45 percent plan to implement that capability by October 2015.
Likewise, one third of the respondents have implemented tokenization for payment processing and another 40 percent plan to implement it before October 2015. Tokenization enables retailers to remove sensitive information from the network. Once a unique card/transaction data is converted into a token, the original credit card number cannot be reconverted, making the data worthless if it becomes compromised.
BPS wrote in its report, "The industry seems to have moved from thinking that "it better never happen and if it does someone will be fired," to "it’s going to happen so how can we make sure that we mitigate the damage, and protect and secure our data."
A survey of around 200 retail industry professionals conducted at the NRF Big Show taken by ACI Worldwide found 39 percent have already increased investments in payment security initiatives as a result of the past year’s data breaches, while 20 percent indicated they plan to increase such investments over the next 12-24 months. ACI likewise found many weren’t EMV compliant currently.
Lynn Holland, VP, ACI Worldwide, said in a statement, "Many retailing customers with which we speak to are taking steps to address the EMV requirements, but like any major undertaking, are trying to manage this along with other payment security, IT and technology initiatives."
- 650 percent More Retailers will Support EMV by October 2015, According to Boston Retail Partners’ Survey – Boston Retail Partners
- 2015 POS/Customer Engagement Benchmarking Survey – Boston Retail Partners
- More than 50 Percent of Retailers Not Fully Prepared as EMV Deadlines Approach – ACI Worldwide
How confident are you that EMV, encryption and tokenization will be enough to the quell retail’s data breaches?