Datacap Logo

Retailers cannot stop breaches, but tokenization may ensure thieves leave empty-handed

 Shiny Padlock

The past year has been chock full of high-profile data breaches, between those at major retailers such as Target and The Home Depot and top hospitality brands like P.F. Chang’s. These attacks occurred not because these companies were slipshod with their approach to security, but simply because crooks are tenacious and persistent. While businesses need to devote all of their efforts to serving their customers, these criminals have made poking holes in security webs their full-time job.

David DeWalt, CEO of cyber security and malware protection firm FireEye, recently appeared on 60 Minutes to discuss the rash of cyber breaches. He noted that even the biggest companies in the world cannot spend enough money to keep tenacious fraudsters out of their systems. Despite increased awareness of cybersecurity, increased prioritization of this issue internally and growing budgets allocated toward creating a gap-free wall, as many as 97 percent of companies across the globe are being breached, DeWalt asserted.

For any business, regardless of whether it is a bank, restaurant, hotel or retailer, processing payments has become an extremely daunting task. The point of sale has become a common target that criminals use to launch their attacks and gain access to customers’ payment information – shoppers swipe their cards at the POS terminal, and then criminals swipe the data from there. In fact, many customers have begun taking matters into their own hands, opting to use cash when doing business with companies that have been breached in the past or avoiding them altogether.

Tokenization: Businesses’ weapon against fraudsters

While DeWalt paints a bleak picture, it is important to realize that a breach by itself is not the end of the world. The breach itself is only the first step of a multi-pronged attack – if criminals cannot get anything of value (or if their takes are limited), companies can prevent much of the damage associated with the attack. Think of it as a criminal breaking into a home or office, only to find nothing of value there.

Businesses can set up a similar scenario by using tokenization, a process that replaces and eliminates sensitive information with non-sensitive data elements that have no intrinsic or exploitable meaning or value. When fraudsters breach companies systems and they are using tokenization, they are left with a bunch of meaningless data that holds no value to them. In fact, the use of tokenization may be enough to dissuade breaches in the first place.

This is why it is so critical that POS ISVs continue to adapt by utilizing payment solutions that make use of tokenization and encryption technologies. Firms may not be able to stop breaches (or at least, doing so is extremely difficult and costly), but with tokenization, they can at least ensure these fraudsters are forced to leave empty-handed. This will minimize damage done in the long run and may even serve as a deterrent for many would-be breaches.