By Kevin Burns, Head of Solution Architecture, Vodat International
Breaches in customer card payment data security are costly for most businesses, but for SME retailers and hospitality businesses the consequences can be devastating. While the actual financial ramifications might not make or break the immediate trading figures, the breakdown in trust caused by an error can have a long-lasting impact on customer loyalty.
Data protection is at the forefront of consumer concerns these days, and for good reason. To see an example of how devastating security issues can prove, look no further than Target and Home Depot, both of which have suffered massive data breaches during the past 12 months. Around 56 million sets of credit and debit card details were seized by Home Depot hackers – making it the second largest incident of its kind in US history – while Target’s profits dropped 46% after its systems were breached in December 2013.
The fact that such internationally renowned and well-respected organisations have suffered catastrophic security failures has understandably struck fear into shoppers. Both retailers have subsequently invested more than $1 million apiece in technology and initiatives to safeguard themselves against future attacks, but many consumers view this as shutting the stable door after the horse has bolted.
In time, with the right marketing strategy, Home Depot and Target will likely recover from the breach, but the process of rebuilding customer trust cannot be rushed – especially as it piqued public awareness of data security.
For the retail and hospitality sector as a whole, these two high-profile security failures have significantly increased the need to invest in a secure network to allay consumer concerns. Per company, the average cost of a breach is £2.21m, up 8% on 2013, due mostly to increased customer churn, proving that consumers are becoming more aware of payment security and voting with their feet.
In response to this, retailers are spending more money, more often, on ensuring they are PCI DSS compliant across their business. And the latest version three standards released by the council have led to another wave of merchants looking to replace their equipment or software, or feeling they might have to.
With version three, the Chip and PIN terminal estate in most retailers will fall out of PCI-PTS compliance, which will mean support for a new model of terminal will be required. And with operating system support for Windows XP comes the issue of ‘end of life’, which will mean many retailers having to consider upgrades; as part of that work, it is likely that the aging Point of Sale estate will not support Windows 7 or 8.
Upgrading payment processing technology to the latest levels of PCI compliance is not something that retailers and hospitality vendors can afford to put off in this climate; they must swiftly find a solution that offers leading-edge levels of data encryption security and can be implemented without interrupting day-to-day operations.
Using a bank-owned terminal (PDQ) might appear attractive in the short term whilst you establish your business, but once you start to grow there are significant benefits to using a solution which can integrate with Electronic Point of Sale and which, at the same time, does not introduce the complexities of PCI DSS compliance.
By looking at different solutions such as the Vodat Unified Payment Service – which completely removes sensitive customer card data from the network – retailers can find ways to provide easier integration while reducing the scope for PCI DSS compliance and the associated cost.
After all, the investment needed to implement new technology and proactively market its capabilities amounts to far less than a recovery campaign in the event of a customer data breach.
IBM/Ponemon Institute, Cost of Data Breach Study: United Kingdom, 2014