Select Page

Making headlines is typically a win for big brands. Unfortunately, the saying “all press is good press” does not apply to companies that experience data breaches. Organizations are at a greater risk than ever of being breached, setting an operational imperative to implement greater security protocol.

In the recently released “Data Risk in the Third-Party Ecosystem” study by Ponemon Institute, 59 percent of companies surveyed reported experiencing a data breach via a vendor or third party. The number is even higher for U.S. companies, totaling 61 percent—a 5 percent increase over 2017 and a 12 percent increase from 2016.

This trend is not promising.

Vetting Vendors to Mitigate Risk

The upward trajectory of third party breaches signals the importance of vetting vendors as well as the dangers of insufficient security within complex networks. The real problem for companies is that a vendor-related breach does not shift the blame; brands and institutions experiencing a breach, regardless of who is at fault, bear the brunt of negative consequences.

Staying one step ahead of cyberattacks requires collaboration and planning for third-party detection and mitigation.As the third-party landscape grows increasingly complex, it is essential for companies to track and inventory those relationships. According to Opus, a provider of global compliance and risk management solutions and sponsor of the Ponemon report, only 34 percent of companies working with third parties keep a comprehensive inventory of those parties.

Not If, But When

If the 2018 Thales Data Threat Report is any indication of the state of cybercrime, retailers (and anyone processing ecommerce payments) should note that breaches are a matter of “when”, not “if”. The report noted half (50%) of retailers report being breached in the past year—more than double the 19% breached in 2017.

Bad actors are becoming increasingly sophisticated and bold. As security and risk mitigation spending stalls among many companies, they have become sitting duck targets. This is especially true for U.S. retailers that deal in high volumes of personally identifiable information (PII) and payment card data, which is exchanged during transactioning.

Prescription: Encryption  

Point-to-point encryption (P2PE) helps organizations streamline security and reduce PCI scope. What’s more, the cost savings generated typically far outweigh the cost of implementation. By encrypting data at the point-of-interaction (e.g., a point-of-sale system), no sensitive cardholder data passes through a merchant’s or institution’s POS as raw data. The data is decrypted wholly outside of the merchant’s or institution’s environment, either in the cloud or at an offsite data center.

This security framework accommodates online, offline, and emerging payments technologies, making omnichannel security seamless. Encrypting credit card data hedges against breaches; if a breach does occur, credit card info is rendered useless to hackers.

Pointing Toward Success

Improving data security is a multi-step process that includes getting executive buy-in, strategizing the best path forward, and implementing security frameworks and protocol without impacting business performance.

Arrow Payments can help.

Our team works with you to convey the importance of data security to key decision makers and to formulate a plan of action. We provide end-to-end strategy and implementation of state-of-the-art payment security solutions from the best vendors.

Our job isn’t done there; after we ensure all third-party software is integrated seamlessly, we continue to provide award-winning support.

Let us help you make the news for the right reasons.

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

Guarding Against Payments Fraud

Guarding Against Payments Fraud

Payments fraud is a serious and ongoing challenge for treasury practitioners, requiring an increasing amount of vigilance and foresight. According to the 2023 AFP Payments Fraud and Control Survey, 65% of organizations reported being victims of payments fraud in 2022,...

Cultivating Emotional Intelligence in Leadership

Cultivating Emotional Intelligence in Leadership

We’ve discussed how emotional intelligence (EQ) makes you better at business. We’ve even talked about how EQ and payments are tied together. This article explores why EQ is crucial for leaders to possess. Yes, technical skills and a strategic mindset are valuable...

The Digital Campus Payments Imperative

The Digital Campus Payments Imperative

Higher education institutions are increasingly transitioning to digital campus payments – and with good reason. The move is primarily driven by evolving student preferences, though the need for enhanced security and better efficiency are factors, too.  Digital campus...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery