Data and Payment Security: Controlling Your Risk, Relieving Your Doubt, Earning Consumer Confidence
We’ve all been there: that moment of doubt at a point of sale when we present a payment card, or enter our numbers online, when we wonder, if only briefly, whether we’re actually just handing someone the keys to our account. We may think about it less with major retailers, but even some of the world’s biggest brands have had their payment systems breached and their customers’ data seized.
The hard costs of recovering from data theft can be huge. As a corporate victim, you could have to account for a wide range of reparations, from audits, investigations and IT upgrades to settlement fees on lawsuits. They cost TJX $256 million in 2007, Sony $111 million in 2011 and Target $162 million in 2013.
What’s more, those costs are going up. A 2015 Ponemon Institute report, sponsored by IBM, estimated the cost of each breached customer record to be $105 in 2014 and $165 in 2015, an increase of almost 60% in just one year. So, depending on the number of customer records involved, your liability could also total hundreds of millions of dollars!
No less significant are the potential ‘soft costs’ of undermining your customers’ confidence in your brand. It’s unlikely they would ever think of you or trust you the same way again. And many potential customers you look to, to help drive growth, would very quickly look away.
With all of this, it’s no wonder that a 2015 NRF CIO Council survey commissioned from Forrester identified data security as the #1 concern for retail CIOs. It’s enough to keep you wide awake with worry at three a.m.
E2EE: Your Foolproof Security Code
In response, our message to you to is simple: Rest easy. Once you’ve accepted the fact that taking any chance with your payment security is not an option, we offer you an approach that defines retail’s gold standard for bolting down your transaction data and locking out threats.
Aptos uses proven end-to-end encryption (E2EE) to ensure that your cardholders’ data is never directly identified at any point during its journey to and from the bank. With our PA-DSS certified Aptos Secure Data Manager (SDM), or FiPay from our partner AJB, data is fully encrypted on the PIN pad (using VeriFone VeriShield) with bank-owned ‘keys’. It is then securely communicated to the point of sale, transmitted directly to the bank for authorization, and re-encrypted before being returned to your POS.
This closed loop system seals any possible gaps that might expose the underlying data to anyone except the card issuer, and eliminates all possible points of failure in your data security chain.
Chip and PIN: Protect Yourself from Fraud
While not every retailer has been the victim of data theft, you have almost certainly been the unwitting agent of payment card fraud. And while chargebacks and related costs have traditionally been borne by the card issuers, EMV protocols shift the full liability directly to your retail business if you are not equipped to accept Chip and PIN cards.
The Chip and PIN system substantially strengthens the integrity of payment card transactions by automatically authenticating the card itself, and by requiring your customer to enter a personal ID or signature, as designated by the bank and communicated to the PIN pad by Aptos SDM, before the transaction can be authorized. In Canada and the UK, where Chip and PIN cards have been used for years, card fraud has declined by up to sixty-seven percent.
Here too, Aptos has you covered. We are able to manage all aspects of your EMV set up. We streamline the complexity of the process with unified, scalable solutions that fully integrate your POS with EMV and support a wide range of payment processors, including FirstData, Chase Paymentech, Vantiv and Elevon, as well as gift card providers, digital wallets and device manufacturers.
With all of this, Aptos equips you to respond to a full range of evolving domestic and international payment and data security issues—reliably, efficiently and for years to come.