What Really Matters in a Data Breach
Over the past decade, hundreds of retailers with tens of thousands of locations have experienced data breaches, with the resulting data record exposure numbering in the hundreds of millions. A data breach is an incident in which sensitive, protected or confidential data has been viewed, stolen or used by an unauthorized individual.
These breaches are not limited to any retail vertical or segment, but the biggest retailers are the ones we hear about, and it’s a long list: Wendy’s, Starbucks, Toys"R"Us, Staples, Sears, Albertson’s, The Home Depot, Dairy Queen, UPS Stores, Goodwill Stores, Sally Beauty Supply, Michaels, Neiman Marcus, Nordstrom, Harbor Freight, Wal-Mart, Barnes & Noble, Zappos, and everyone’s favorite example – Target.
There are significant consequences to a breach. The costs associated with a large-scale breach can be staggering. Target’s breach was the second largest credit/debit card compromise in history, and it is estimated that the total losses associated with that breach exceed $1.5B, with lawsuits still pending that could increase that number.
For an independent retailer, the exposure is obviously smaller but no less significant. A First Data report issued in 2014 puts the average cost incurred by a small merchant at $36,000. These are just the hard costs, and they include the mandatory forensic examination, customer notifications, PCI compliance fines, card replacement costs and liability for fraud charges.
What the average cost does not include can be of even greater harm to an independent merchant. The damage to brand and reputation can be enormous. In a survey delivered to customers who had received notification of a breach from a retailer, 31% said they had terminated their relationship with the merchant. Bad press, loss of payment card acceptance privileges and the massive amount of time required to resolve the issue are other critical factors.
So how can an independent retailer protect themselves? Transaction Security.
While the point-to-point encryption component of the solution is extremely valuable, the key for retailers is not to have anything to steal. Tokenization takes all the card data and makes it worthless to criminals. Even if they get in – and it should be accepted that if they want to, they will – nothing can be done with the information. It can’t be turned into counterfeit cards, it can’t be used to buy 4DHD TVs online, and it can’t be used to buy gift cards for cash conversion. It can’t be used in any of the ways that stolen card data is turned into fraud today.
We most often sell our customers products that make their business processes better, in turn making them better and, hopefully, more profitable retailers. In this case we are selling them protection of their business, reputation and livelihood – which have taken years or decades or generations to build, but only take an instant to destroy.
Posted by Matt Mullen, VP, Strategy and Product, Epicor