In 2018, you simply cannot escape the constant news streams focused on data security of customers. From the massive breach at Equifax, to ethical questions surrounding Facebook’s usage of consumer data, the questions surrounding how both merchant and consumer data is being stored and used is paramount.
The payment processing industry is a large target for cyber criminals; over $6 trillion in transactions are being processed annually. Being agile, and open to embracing new technologies/methodologies to combat cyber crime in the industry is a must. This year, over $1 billion dollars will be spent this year on security software to safeguard the threats merchants face in-store and online according to a report conducted by the IDC.
We spoke to Amy Zirkle (@agzirkle) the Vice President of Industry Affairs of ETA regarding data security in the payment processing industry, and she provided insight into what the ETA, and the industry as a whole is doing to protect small business owners, and payment processors alike.
How are organizations such as the ETA working to ensure the best interests of their members, and their data?
AZ: I certainly think it’s fair to say that for the payments industry there are two components when you talk about the protection of data. There’s the overall larger issue of security, and then you sort of delve down into the component of risk management, and mitigation of risk in the industry to ensure continued consumer confidence.
And then the other component we are actively involved with, that’s the PCI Council. ETA is a participating organization to PCI, and we maintain a pretty active engagement with the council on behalf of our members. Many of our member companies are participating organizations as well in the council; some sit on the board of advisors. Perhaps most notably, the card brands form the Executive Committee of the council. There is a piece around communication and collaboration with the council that we at ETA take very seriously.
It’s interesting, because I think security issues, often times when you talk about them, people roll their eyes, because they’re not snazzy, and often times, they tend to be deeply tied to technical matters in the case of PCI, or the risk management and compliance piece with respect to underwriting. They are at the core of what the industry with either rise or fall on. If all of these systems in the value chain are not secure, and the instances for risk are not mitigated, and if vulnerabilities present themselves, everybody loses confidence in the system, and it just falls apart.
I know you talked about the risk management and compliance, and tying into that the PCI Compliance bit. What other steps could small businesses take to not only protect their business, but to protect their customers’ data?
AZ: I think the acquiring channel has certainly recognized the need to provide the relevant information to the small business merchant community. It’s hard because I think smaller merchants in particular are focused on running their businesses! They are not a big organization and they’re just selling or sort of engaging in some of the day-to-day issues that they deal with as merchants.
You’re seeing more and more, I think a greater recognition that communicating not just PCI matters, but broader payments issues to the small merchant segment are growing in prominence. I think we at ETA recognize the growing presence they are going to play and really want to help educate and do what we can to support that segment.
What roles do payment processors play in ensuring that customers’ data is secure?
AZ: I don’t mean to sort of sound repetitive, but I think they all realize that the value of the SMB space is to ensure that they understand the issues around this exposure, and that they understand the need to protect cardholder data, and that they treat it with the level necessary. I don’t think anybody wants to have to deal with the ramifications of a breach!
There’s this value-chain of communication that is going on in the industry whether it’s the card brands articulating to the acquirers…to their clients, or their ISOs directly to the merchants. I think security is front and center, and you see that being conveyed in a variety of ways. It’s interesting, because we met at TRANSACT, and much of our discussion was around what we can do as a committee. We are really, really going forward and building some education and resource materials for the SMB market around what can be done to ensure security.
What are some of the initiatives that are on the horizon for ETA?
AZ: The SMB space is where we are seeing truly some of the newer developments where the growing service of ISBs is really valued, and that is where payment facilitators are making in roads. That is where we see the next opportunity to really partner with the SMB merchants, and they are gaining in sophistication! And if they’re not, again, there is a gap we at ETA can fill in helping to work with that community with our member companies.
We all rise together, and it gets back to what we were talking about at the beginning, if the systems are not secure, if all instances for risk are not minimized, people lose faith in the system! If it’s not secure, it’s not going to be good for anyone and all of the exciting innovation and potential will be for naught, because it won’t be realized due to not doing our homework.
I think the industry is responding to it! And I certainly know it is front-and-center in the mind of what we are doing with Industry Affairs, and certainly what every committee that I work with here at ETA touches upon security in their own way.
Electronic Merchant Systems has been in business for 30 years, and is a level 1 Service Provider. We achieved our first PCI Compliance in 2005 and recently successfully completed our 13th annual assessment. We are a long-standing member of the PCI Security Standards Council, and members of ETA, to ensure we stay abreast of our evolving industry.
Electronic Merchant Systems is a leading provider of payment processing & merchant services. For more information please visit our website.