Merchants Must Make Data Breach Plans

April 7, 2017

One of the biggest issues now facing merchants of just about any size is the risk that they will be hit with a data breach.


One of the biggest issues now facing merchants is the risk of a data breach. These incidents are increasing in frequency, affecting companies large and small, and exposing potentially thousands or more customers to potential identity theft and fraud. As a consequence, it’s vital for any company – no matter the size – to put together a plan for how they will deal with a potential breach; the unfortunate reality for most firms is that it’s a case of “when” a breach affects them, not “if.”

To that end, it’s wise to examine the industry-recommended best practices for payment card security in general, as well as research the best possible tactics for both protecting against a breach and react quickly and decisively when they do occur.

Data breaches continue to proliferate as thieves target financial details.Data breaches continue to proliferate as thieves target financial details.

What To Look Out For
There’s plenty of data to suggest that breaches are happening with greater frequency and that the average incident is becoming larger. At this point, the risk is so great that experts recommend data breach “acceptance” rather than “prevention,” Gemalto’s latest Breach Level Index. Instead of trying to fortify against attacks – a tactic which likely wouldn’t have much effect against determined hackers – it’s perhaps more important these days to make sure data is encrypted or otherwise protected, because often, systems cannot be wholly secured themselves.

“[W]hen one approaches security from a breach-acceptance viewpoint, the world becomes a relatively simple place: securing data, not the perimeter, is the top priority,” Gemalto wrote in its findings.

Malware A Big Problem
Indeed, one of the emerging threats when it comes to what actually causes data breaches is the proliferation of malware that targets financial data through payment processing systems and point-of-sale devices, according to the latest X-Force study from IBM. When hackers targeted the financial services industry in 2016, which they did more than any sector (up from third in 2015), they typically found it to be a rich target. More problematic, the organized efforts on the part of hackers and crime rings to crack these types of businesses was increasingly cooperative. That, in turn, led the number of threats to grow and become more sophisticated over the course of the year.

Of course, it’s not just banks that can be affected by these attacks, according to Bloomberg BNA. A number of major fast food chains were recently hit with data breaches of different varieties, including McDonald’s (a cyberattack breached its Canadian careers site), Wendy’s (a class action suit over a financial data breach a few years ago recently got the go-ahead from a judge to move forward), and KFC (a breach affected its loyalty program members late last year).

With these issues in mind, planning a breach response initiative is a good idea for any business, especially as efforts to secure other aspects of credit card processing are now underway with moves such as EMV and mobile payment processing adoption.

Back To Blog