
Making headlines is typically a win for big brands. Unfortunately, the saying “all press is good press” does not apply to companies that experience data breaches. Organizations are at a greater risk than ever of being breached, making it an operational imperative to implement stronger security protocols.

In the recently released “Data Risk in the Third-Party Ecosystem” study by Ponemon Institute, 59 percent of companies surveyed reported experiencing a data breach via a vendor or third party. The number is even higher for U.S. companies, totaling 61 percent—a 5 percent increase over 2017 and a 12 percent increase from 2016.

This trend is not promising.

Vetting Vendors to Mitigate Risk

The upward trajectory of third-party breaches signals the importance of vetting vendors as well as the dangers of insufficient security within complex networks. The real problem for companies is that a vendor-related breach does not shift the blame; brands and institutions experiencing a breach, regardless of who is at fault, bear the brunt of negative consequences.

Staying one step ahead of cyberattacks requires collaboration and planning for third-party detection and mitigation. As the third-party landscape grows increasingly complex, it is essential for companies to track and inventory those relationships. According to Opus, a provider of global compliance and risk management solutions and sponsor of the Ponemon report, only 34 percent of companies working with third parties keep a comprehensive inventory of those parties.

Not If, But When

If the 2018 Thales Data Threat Report is any indication of the state of cybercrime, retailers (and anyone processing ecommerce payments) should note that breaches are a matter of “when”, not “if”. The report noted that half (50%) of retailers reported being breached in the past year—more than double the 19% breached in 2017.

Bad actors are becoming increasingly sophisticated and bold. As security and risk mitigation spending stalls among many companies, those companies have become sitting ducks. This is especially true for U.S. retailers that deal in high volumes of personally identifiable information (PII) and payment card data, which is exchanged during transactions.

Prescription: Encryption  

Point-to-point encryption (P2PE) helps organizations streamline security and reduce PCI scope. What’s more, the cost savings generated typically far outweigh the cost of implementation. By encrypting data at the point-of-interaction (e.g., a point-of-sale system), no sensitive cardholder data passes through a merchant’s or institution’s POS as raw data. The data is decrypted wholly outside of the merchant’s or institution’s environment, either in the cloud or at an offsite data center.

This security framework accommodates online, offline, and emerging payments technologies, making omnichannel security seamless. Encrypting credit card data hedges against breaches; if a breach does occur, credit card info is rendered useless to hackers.

Pointing Toward Success

Improving data security is a multi-step process that includes getting executive buy-in, strategizing the best path forward, and implementing security frameworks and protocols without impacting business performance.

Arrow Payments can help.

Our team works with you to convey the importance of data security to key decision makers and to formulate a plan of action. We provide end-to-end strategy and implementation of state-of-the-art payment security solutions from the best vendors.

Our job isn’t done there; after we ensure all third-party software is integrated seamlessly, we continue to provide award-winning support.

Let us help you make the news for the right reasons.
