Keeping customer data secure during the festive season

’Tis the season to be jolly and for the nation to get festive. Whether that’s in the form of cards and gifts, or food and drink, consumer spending will surge between now and Christmas.

Although the ONS (Office for National Statistics) reported that retail sales fell to a six-month low in October because of reduced levels of disposable income, Black Friday is predicted to create a £10 billion shopping spree in the UK that will continue until Christmas Eve.

Maintaining processes in the rush

We are now in the “golden quarter”, the period that has traditionally “made” the retail year. However, this busy trading period has a flip side. Increased sales volumes, harried staff and impatient customers increase the likelihood of data mismanagement in store. And online, there are criminal hackers aplenty trying to gain access to customer data.

It’s therefore vital that retailers ensure they’re compliant with the PCI DSS (Payment Card Industry Data Security Standard).

Payment card data is a prime target for criminal hackers: Trustwave’s 2018 Global Security Report identified that 22% of incidents in 2017 involved card track (magnetic stripe) data and 18% involved CNP (card-not-present) data, the kind used in most e-commerce transactions.

Stay ahead of the criminals

Ensure you’re one step ahead by implementing the PCI DSS in your organisation. The Standard will help you secure cardholder data by providing a baseline of 12 security requirements to shape processes, procedures and systems most effectively.

The exact requirements of the PCI DSS vary according to the number of card transactions an organisation processes, but there are three fundamental steps to achieving compliance:

  1. Perform a gap analysis to understand how your business aligns (or not) with the requirements of the PCI DSS.
  2. Remediate any vulnerabilities and implement the necessary changes to comply with the Standard.
  3. Undertake an audit, reviewing your cardholder data environment and the risks you need to manage to ensure that your controls are in place and working effectively.

Ensuring you manage cardholder data correctly will reduce the risk of a data breach. What’s more, PCI DSS compliance means that if you do suffer an attack, the impact on your customers and your business will be significantly reduced.

Data breaches can cause havoc, as British Airways recently discovered. It’s important that an organisation is able to respond swiftly and ensure that payment card data is not at risk. In October, Eurostar suffered a breach, but its decision to never store bank card or payment details meant its customers were protected, and the company received very little negative press as a result.

Further support

Your staff are the first line of your defence. Ensure they have the knowledge and skills to protect your customers and your company with our quick and effective staff awareness e-learning course.

Our PCI DSS pocket guide and free PCI DSS resources, including webinars, green papers, brochures and guides, will also help staff get to grips with their responsibilities.

If you have specific questions or would like further advice, our team of experts are here to help. Get in touch today!