America’s Cybersecurity and Infrastructure Security Agency (CISA) has designated October as Cybersecurity Awareness Month, a time for the public and private sectors to work together to increase awareness of cyber risks and cybersecurity best practices.
This month presents an excellent opportunity for independent software vendors (ISVs) and value-added resellers (VARs) to start a discussion with their clients about protecting cardholder information and other data, which can lead to stronger security, customer relationships, and business growth.
Start educating your clients by focusing on these cybersecurity basics:
- Knowing cybercrime and fraud targets
Hackers, ransomware groups, and other threat actors go where the money is, and with e-commerce reaching $6.3 trillion globally in 2023, these businesses have become targets. Your customers must do all they can to protect online transactions.
Compliance with Payment Card Industry (PCI) standards is table stakes for your customers accepting online payments. Your customers trust you to provide them with secure, compliant solutions, but you should also advise them on their responsibilities and the processes they can implement to go above and beyond the protection that using a PCI-certified solution gives them. Stress cybersecurity best practices like confirming user identity with multifactor authentication, verifying transactions with credit card security codes, ZIP codes, or other information, changing processes so cardholder data isn’t copied to paper, and ensuring their websites have SSL/TLS certificates.
A multilayered online payment security strategy will provide more protection than deploying a secure payment solution alone.
- Upgrading hardware
When payment technology companies design PIN pads and other payment devices, they focus on meeting current or pending requirements. However, when regulations change, that hardware will no longer have the latest security or compliance features. For example, the PCI Security Standards Council (PCI SSC) has issued new PIN security requirements, which go into effect on January 1, 2025. The new standards require key blocks, which make it harder for hackers and threat actors to decrypt encrypted data at the point of sale. Many older devices won’t support the new requirements.
Discuss upgrade options with your clients to help them find the most cost-effective, secure way to accept card-present payments.
- Leveraging AI
AI can be a powerful tool in payment security. It can analyze vast amounts of data in less than a second and detect unusual activity. AI can quickly learn a customer’s normal purchasing behavior and can identify unusual activity faster than legacy methods that rely on preset rules. AI can also be a valuable tool for detecting cyberattack and fraud activity without negatively impacting processing time or customer experiences.
Encourage your clients to use every tool available to monitor their IT environments and payment activity to mitigate threats and losses.
- Mitigating insider threats
According to the 2023 Insider Threat Report by Cyber Security Insiders, 74 percent of organizations are at least moderately vulnerable to an insider threat. Following a few sensible cybersecurity best practices can significantly reduce your customers’ vulnerability to malicious or negligent insiders.
First, they should limit access to payment data to only those employees who need it to do their jobs, decreasing the attack surface. If only a few people can access monetizable data, hackers have less chance of capturing logins whose privileges would let them break into a system and steal data. Your clients should also establish a policy of disabling an employee’s accounts immediately after they leave the company.
Last, even if your clients have full faith in their employees and their abilities, they should continually monitor employee activity, let employees know their managers are watching, and regularly train them on new threats and cybersecurity best practices.
The Fifth Cybersecurity Best Practice: Choose the Right Payments Partner
The final cybersecurity best practice on our list is to choose a partner that not only provides PCI-compliant technology but also prioritizes security in everything it does. The right partner will also provide you and your clients with help and guidance in strengthening cybersecurity.
A partner that addresses security during solution development and beyond, stays current with cybersecurity news and trends, advises you and your clients on changes to regulations, and can offer advice on strong policies and processes will help your clients protect their data and their businesses.
Cybersecurity Awareness Month is a great occasion to ensure your vendor ecosystem is aligned with you and your clients to help create the most secure IT environment.