Online Exclusive: 3 Strategies for Ensuring Your Payment Platforms Are Secure -- Security Today

Online Exclusive: 3 Strategies for Ensuring Your Payment Platforms Are Secure

Consumers may think data breaches are inevitable, but if a business can show them that such risks are avoidable, it’s sure to profit. Don’t get left behind by your competitors—invest in a robust payment-protection platform before it’s too late.

By Michael Thorne
Jan 27, 2016

In the lead-up to the big holiday shopping season, U.S. retailers saw two major data breaches. Scottrade announced in October that it suffered a breach that affected 4.6 million customers, and a month and a half later, iSight Partners discovered “the most sophisticated POS malware” seen to date.

These breaches are expensive for businesses. In the wake of Home Depot’s 2014 data breach, analysts pegged the cost to the company at a staggering $10 billion, including investigation, remediation, and lawsuits.

In addition to the financial cost, brands that suffer breaches risk losing consumer confidence. According to a 2014 publication by the Ponemon Institute, few respondents would discontinue relationships with companies that suffered breaches. The reason people gave was simple: Breaches are unavoidable. Perhaps then businesses don’t need to bother, right?

But if a company can offer the products and services people want (along with the data security they deserve), that’s a brand that will garner trust and consumer devotion — and one that will avoid Home Depot’s $10 billion price tag for its failings.

Hitting Breaches Where They Live

Here are the three potential avenues of attack your business needs to deal with (and a few tips on how to keep your data secure):

1. POS

Some of the highest profile data breaches seen since 2013 result from problems at the POS. The attack comes in two steps. First, the POS system is accessed through stolen administrative credentials or simple brute force, and then it is inspected for vulnerabilities. Malware is placed on the system and proceeds to gather and store data.

Dealing with this threat is relatively straightforward. POS systems must be regularly updated with the latest software and firmware updates. Many still operate on Windows XP, which has known security flaws and is no longer supported by Microsoft.

A modern-day system with built-in encryption is essential, and if you are using a third-party physical POS device, you must take note of the company’s security policies and protocols. Don’t just assume the company’s system is perfect because a data breach is your PR problem.

2. Data Transfer

The second potential vulnerability lies in the transfer of data post-payment. While industry standard best practices are to encrypt all payment and personally identifiable information, this is not rigorously enforced, and data is often left unencrypted.

This approach is akin to wearing a meat suit while scuba diving. There’s a chance no sharks are in the vicinity, but if you stay in the water long enough, eventually you’ll be torn to shreds.

Data traveling from your POS to its processing point must always be encrypted using industry-approved algorithms. Don’t waste time developing your own — mathematicians, computer scientists, and cryptographers spend decades developing algorithms. Trust that they know better.

3. Data Storage

The final threat is to data in storage. This is often the most difficult data source to breach, but it can also be the most dangerous because of the types of information gathered here. In addition to payment data, these databases will store all aspects of transactions, including addresses, phone numbers, email addresses, and sometimes such sensitive information as Social Security numbers.

To avoid a major leak, consider a combination of data-level encryption and full-disk encryption (FDE). Data-level encryption helps prevent software attacks when the disk is in use, while FDE prevents data lost when a physical disk is removed from a device.

Encrypting everything can compromise speed and performance, requiring companies to invest in new hardware. Some businesses aren’t prepared to stomach that cost, so it’s also possible to encrypt the individual columns within a database that contain the most important data. Choosing between full and partial encryption is ultimately the business’s decision.

Dealing With a Breach

Effective data security is essential for companies dealing with electronic payments, and so too is a proper disaster recovery policy. After a breach is discovered, affected machines must be switched off and cut off from the outside world to prevent any additional data loss.

Third-party forensics teams will also be needed, and depending on the severity, law enforcement may need to be notified as well. Once the cause of the breach has been discovered, businesses must ensure it won’t happen again.

HID Signs Agreement to Acquire Calmell Group
07/10/2025
HID and ASSA ABLOY Recognized with Renowned Red Dot Award for Innovative Biometric eGate Design
07/09/2025
Security Industry Association Announces Program for 2025 AcceleRISE Conference
07/07/2025
SIA Opens Applications for 2025 Denis R. Hébert Identity Management Scholarship
07/07/2025
Honeywell Makes Strategic Tuck-in Acquisition of Li-ion Tamer
07/01/2025
Defining SASE at the Largest Consumer Electronics Chain in the Nordics
06/26/2025
Elite Interactive Receives Strategic Investment from CIVC Partners
06/26/2025
ProdataKey’s Emergency Response Integrations: Integrated Access Control Made Easy
06/25/2025

Featured

Sustainable Video Solution Delivered for Landmark City of London Office Development

An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now
- Facility Security
DHS to End ‘Shoes-Off’ Travel Policy

Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now
- Airport Security
AI to Help Resolve Non-Emergency Calls Across Utah and Decrease 911 Caller Wait Times

The Utah Communications Authority (UCA), which oversees the state’s next generation 911 technology services, recently announced that public safety answering points (PSAPs) throughout the state plan to implement Motorola Solutions’ Virtual Response technology to automate the receipt and resolution of 10-digit non-emergency line calls in Utah with the help of AI. Read Now
- Government
Report: 2025 Video Surveillance Market Set to Grow After Small Decline in 2024

Novaira Insights has unveiled its latest report, “World Market for Video Surveillance Hardware and Software – 2025 Edition.” The research indicates that the global market for video surveillance hardware and software experienced a slight decline of 0.3% in 2024. This performance fell short of previous forecasts, primarily due to a significant decrease of 7.8% in the Chinese market. Conversely, the rest of the world saw a growth of 4.9%. The global market for video surveillance equipment was estimated to be worth $25.0 billion in 2024. Read Now
- Video Surveillance
Report Reveals Local Governments Face Surge in Ransomware Attacks with Minimal Resources

KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, recently released new research highlighting the critical cybersecurity challenges facing state, local, tribal, and territorial (SLTT) governments. The report details how government organizations have become prime targets for cybercriminals while simultaneously facing severe resource constraints. Read Now
- Government

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.
PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.
Mobile Safe Shield

SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.