Acquiring accurate customer data is the holy grail of ecommerce; but that’s just the start. Keeping it safe from prying eyes is the real challenge.
Facebook got hacked in January. No customer data was compromised but it adds Facebook to an ever growing list of companies which have been successfully targeted by hackers.
Sony’s famous data breach back in 2011 cost it some £250,000 in fines alone as millions of its users’ information was made available.
But it’s not just the big guys that get hit. Cyber criminals are looking for sensitive data, especially card holder details, everywhere. SMEs, start-ups, blue chips – no-one is entirely safe, which makes it every ecommerce site’s responsibility to look after customer data.
“Governing the flow of data within the business, and arming employees with the knowledge they need to mitigate against external threats and human error, can be the difference between earned customer loyalty and irretrievable brand damage,” says Sébastien Vugier, Vice President, Global Sales Solution Center, Axway.
It is important to always limit who has access to data and to understand where it goes and what it is used for. Securing payments data can be hard, especially when you are working across multiple channels and across international borders. In addition to your own security measures, you must always make sure you are PCI DSS compliant, which can be a complex process.
PCI DSS governs the way you handle and process cardholder data. The less contact your systems have with this data, the smaller your compliance scope and the easier it is for you to comply.
Here are three tips from Neil Caldwell, Regional Sales Director EU at CyberSource.
Don’t Touch It
“Eliminate access to payment data. A hosted payment acceptance solution captures payment data in a way that never enters your environment but instead transmits that data directly to a third-party vendor’s PCI DSS-compliant network. Since you neither see nor handle payment data, you can significantly reduce your PCI DSS scope.
Don’t Store It
“Avoid storing sensitive payment data in your system altogether. With tokenisation, you can operate with payment tokens instead of raw payment data.
“After initial payment information is captured the data is transmitted to the third-party vendor and stored in secure, PCI DSS certified data centres. A payment token is returned, together with a masked account number.
Don’t Handle It
“It is possible to reduce the contact back-office employees have with payment data by handling services such as manual review or chargebacks. Tokenisation allows your staff to handle customer enquiries without visibility of full payment information.
A fraud screening tool that can integrate with Tokenisation can enable you to securely process payments and screen orders for fraud, without ever touching, storing or handling payment data.”
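To make the tokenisation boundary in the advice above concrete, here is an added example that is not CyberSource’s code or API: a hypothetical `TokenVault` stands in for the third-party vendor’s PCI DSS-scoped service, the merchant-side `MerchantOrderStore` keeps only the token and the masked account number, and a `find_pan_like` scanner lets the merchant check its own records for a raw card number that should never have been there. The card numbers used are constructed test values; in a real hosted-capture flow the customer’s browser would post the card number to the vendor directly rather than through the merchant’s `place_order` call.

```python
import re
import secrets

# Added example: a tokenisation boundary as the quoted advice describes it.
# TokenVault is a hypothetical stand-in for the third-party vendor's service;
# it is NOT CyberSource's API. Card numbers used here are constructed test values.


def luhn_valid(digits: str) -> bool:
    """Luhn checksum over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Masked account number: only the last four digits survive."""
    return "*" * (len(digits) - 4) + digits[-4:]


class TokenVault:
    """Hypothetical vendor-side vault. Everything in here is in PCI DSS scope;
    the merchant-side code further down never sees a full PAN."""

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}   # would be encrypted at rest in reality

    def tokenise(self, pan: str) -> tuple[str, str]:
        digits = re.sub(r"\D", "", pan)
        if not 12 <= len(digits) <= 19 or not luhn_valid(digits):
            raise ValueError("not a syntactically valid card number")
        token = "tok_" + secrets.token_hex(16)    # random; not derivable from the PAN
        self._pan_by_token[token] = digits
        return token, mask_pan(digits)

    def charge(self, token: str, amount_pence: int) -> bool:
        """Later operations (refund, chargeback) are keyed by token, not card number."""
        if token not in self._pan_by_token:
            raise KeyError("unknown token")
        return amount_pence > 0


# Scanner a merchant can run over its own databases, logs and ticket text to
# confirm no raw PAN leaked out of the vendor's environment. The look-around
# guards stop digit runs inside hex tokens or identifiers from matching.
_PAN_CANDIDATE = re.compile(r"(?<![A-Za-z0-9_])\d(?:[ -]?\d){11,18}(?![A-Za-z0-9_])")


def find_pan_like(text: str) -> list[str]:
    """Return digit strings that look like card numbers (12-19 digits + Luhn)."""
    hits = []
    for m in _PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


class MerchantOrderStore:
    """Merchant side: keeps the token and the masked number, nothing else."""

    def __init__(self) -> None:
        self.orders: dict[str, dict[str, str]] = {}

    def record_order(self, order_id: str, token: str, masked_pan: str) -> None:
        self.orders[order_id] = {"token": token, "masked_pan": masked_pan}

    def leaked_pans(self) -> list[str]:
        """Detection check: scan every stored field for a raw card number."""
        return [h for rec in self.orders.values()
                for value in rec.values() for h in find_pan_like(value)]


def place_order(vault: TokenVault, store: MerchantOrderStore,
                order_id: str, pan: str) -> str:
    """Hosted-capture flow: the PAN goes to the vault, only a token comes back."""
    token, masked = vault.tokenise(pan)
    store.record_order(order_id, token, masked)
    return token


if __name__ == "__main__":
    vault, store = TokenVault(), MerchantOrderStore()
    tok = place_order(vault, store, "order-1", "4111 1111 1111 1111")  # constructed test PAN
    print(store.orders["order-1"])   # only the token and '************1111' are stored
    print(vault.charge(tok, 1999))   # True: back-office work needs only the token
    print(store.leaked_pans())       # []
    print(find_pan_like("support note: card 4111-1111-1111-1111 declined"))
```

The point of the scanner is the "don’t handle it" check: if a support note or log line ever contains a string that passes `find_pan_like`, raw cardholder data has crossed back into your environment and your PCI DSS scope is wider than you think.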