Data breaches happen. Tips to protect your POS and your brand reputation
Data breaches are an increasing occurrence in the U.S., hitting an all-time record high in 2016, up 40 percent over the previous year. The frequency of breaches involving well-known brands shows that addressing payment security needs remains challenging for many franchise businesses.
The reputational damage and loss of customer trust can be the biggest threats a franchise faces if it experiences a breach. A recent survey revealed that 39 percent of consumers who are victims of a data breach would stop patronizing a business that has been attacked.
Hackers commonly use malicious software (malware) to infiltrate the point of sale (POS) system to steal customers’ card data, which is then used for fraudulent purchases. This type of breach can go undetected for weeks, even months, causing irreparable damage to the specific location that was hit and the brand overall. What can you do to protect your franchise’s POS from a breach? Read on to find out.
Why do all the high-profile breaches seem to happen to franchises?
Unfortunately, franchises appear to be especially attractive to hackers. This is due in part to the high transaction volume drawn from multiple locations, as well as the valuable customer data that franchises typically obtain and store on their networks. Additionally, it is often difficult to detect a breach in real time, giving hackers more time to steal cardholder data, wreaking havoc on the brand and the business.
When it comes to franchise reputation, each “part” must be secure in order to protect the “whole.” Even if only one location is breached, the brand damage can have a long-lasting negative effect on all locations.
There are three primary ways franchises typically handle their payment security needs:
- Follow security guidelines set by corporate headquarters. In this scenario, franchisees implement a POS system and security strategy designated and rolled out by the corporate office. The risk here is that any weaknesses in the franchisor’s systems will be passed down to the franchisees.
- Handle security in-house. Some franchisees have the freedom and prefer to handle everything themselves, including choosing their own POS and security strategy. This poses problems when franchisees lack the necessary resources and know-how needed to effectively implement the POS and security solutions, resulting in vulnerabilities that can lead to a breach.
- Outsource to a third party. This isn’t always a bad choice, but it can be risky when the third-party service provider is not thorough and does not follow security best practices. For example, the provider may implement a PA-DSS compliant POS system, but neglect to change default passwords, paving the way for criminal access.
Regardless of the route taken (and sometimes it’s a combination of all three), there are steps a franchise can take to meet and overcome the security challenges to protect their customers and their business.
What can a franchise do to protect themselves from a breach?
A multilayer approach is the most effective way to prevent a breach from occurring, and involves technology solutions as well as best practices. The following are the most important steps to take:
- Use EMV-compliant software. Businesses that use EMV technology to accept chip cards, which are more secure than their magstripe counterparts, are usually less attractive to hackers.
- Make sure your POS solution uses tokenization and encryption. These solutions help protect data in transit, as well as data that is stored for post-authorization transactions such as recurrent billing and tip adjustment.
- Maintain unique passwords and change them regularly. Never keep default system passwords and only allow system access to trusted individuals.
- Invest in quality anti-virus software and keep it up-to-date. Anti-virus software can be your first line of defense against new malware threats.
- Implement firewalls and secure remote access. In order to prevent unauthorized access, it’s very important to keep the POS separate from other systems that are used to access the internet. Regularly monitor remote access accounts to ensure they are updated with fresh passwords, and eliminate any that aren’t strictly necessary.
- Work with a payment processor that offers PCI assistance, breach protection, and anti-fraud services. Reputable processors can assist with ongoing PCI compliance efforts and even offer financial relief in the event of a breach. We also offer anti-fraud services to flag potential problems before they turn into real issues.
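The tokenization step above, as an added example that is not part of the original article: a POS record that keeps the card number next to one that keeps only a token, a tip adjustment made with the token alone, and a Luhn-based scan a defender can run over stored records to find card numbers that should not be there. The `Vault` class, the function names and the record layout are hypothetical, and the card number is a standard test value.

```python
import re
import secrets

PAN_RE = re.compile(r"\b\d{13,19}\b")   # candidate card-number digit runs
TEST_PAN = "4111111111111111"           # test number used as sample input, not a real card

def luhn_ok(digits):
    """Luhn checksum that valid payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(records):
    """Return (record index, field) pairs whose value holds a Luhn-valid card number."""
    hits = []
    for i, rec in enumerate(records):
        for key, value in rec.items():
            if any(luhn_ok(m) for m in PAN_RE.findall(str(value))):
                hits.append((i, key))
    return hits

class Vault:
    """Hypothetical stand-in for the processor's token vault; the PAN lives only here."""
    def __init__(self):
        self._pans = {}
        self.charges = {}

    def authorize(self, pan, cents):
        token = "tok_" + secrets.token_hex(12)   # random, not derived from the PAN
        self._pans[token] = pan
        self.charges[token] = cents
        return token

    def adjust_tip(self, token, tip_cents):
        if token not in self._pans:
            raise KeyError("unknown token")
        self.charges[token] += tip_cents
        return self.charges[token]

def checkout_storing_pan(vault, pan, cents):
    vault.authorize(pan, cents)
    return {"card": pan, "amount": cents}        # weak: card number kept on the POS

def checkout_tokenized(vault, pan, cents):
    token = vault.authorize(pan, cents)
    return {"token": token, "last4": pan[-4:], "amount": cents}
```

Running `find_pans` over both records flags only the `card` field of the first one; the tokenized record still supports the later tip adjustment through `adjust_tip`.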
Don’t wait until it’s too late
Whether you rely on the corporate office for the tools and resources to protect your franchise’s POS, or have developed your own security strategy, it’s important to take a multilayer approach. With the proper security technologies and best practices, you can ensure that your business and your customers are safe from an attack.
For more guidance and information about protecting your POS and your business from a data breach, contact us.