Security must continue to be the number one priority for retailers.
MEDIA 7: The COVID-19 pandemic has greatly accelerated online shopping. Brands and retailers must push ahead this holiday season so they can effectively support consumers via all digital channels. What are some of their top security needs?
ADAM CASON: Security must continue to be the number one priority for retailers. Without a solid digital security strategy covering all aspects of their business, retailers cannot expect to effectively grow and adapt to a rapidly changing payments ecosystem. We're seeing a lot of attention paid to how the payment process can be streamlined and more frictionless. This includes the ability for merchants — from the largest retailer to the smallest micro merchant — to do more through mobile devices and adopt alternative ways to accept payments. We're seeing trends like the PCI Security Standards Council’s Contactless Payments on COTS (CPoC) standard that brings payment functionality inside the mobile device, whether it's a tablet or phone. The PCI Security Standards Council is doing a lot with new mobile payment standards that regulate the security of electronic transactions on commercial off-the-shelf (COTS) devices that are gaining traction in the retail space. All of this is going to transform the payment process for consumers in very exciting ways.
M7: This boost in online shoppers automatically enhances the retailers’ responsibility to protect cardholder data. What point-of-sale security solutions does Futurex offer in these circumstances?
AC: When we talk about security, a lot of it starts with the point-of-sale terminal and how the data collected there is protected. Every point-of-sale terminal has a variety of different cryptographic keys on it, which can be used for everything from PIN encryption to Point-to-Point Encryption (P2PE). As a provider of key management technology, one thing Futurex has seen in 2021 is a pivot toward remote key loading rather than direct key loading.
The process of directly loading encryption keys traditionally has required multiple people to sit in a small, highly secured facility (and that’s being generous — often it’s just a “secure room!”) and perform a very manually driven, labor-intensive task. Plug in a terminal, inject a key, unplug the terminal, put it in a box. Plug in the next terminal, inject a key, and so on. Now, especially with the pivot toward remote work that 2020 brought, companies are looking to automate many of these tasks and make them more remote-friendly. With the remote key management technology for point of sale that Futurex offers, this is now possible.
We also provide the hardware security modules (HSMs) that are used on the back-end for things like PIN validation, CVV validation, P2PE decryption, tokenization, and more. And when you look at the role mobile devices are playing in the retail space, the horizon widens even further. We provide foundational technology that developers of contactless payment applications or SoftPOS/CPoC applications can use to help go to market faster in a compliant manner.
M7: With digital transformations becoming a mission-critical strategy and retailers adopting newer ways to scale their businesses, what benefits does Futurex’s expansion suite offer its clients?
AC: When you look at how these technologies are deployed, one of the biggest questions organizations are asking is about the form factor. Do they want the traditional approach, using on-premises network appliances (such as HSMs) that they house in their own data center and manage like any other piece of networking gear, such as a firewall, intrusion detection system, etc.? Or do they want to take the cloud-based approach instead?
We’re seeing a significantly increased interest in the cloud option in 2021. Organizations like the idea of an OPEX model where they pay a monthly service fee and someone else manages the configuration, day-to-day management, redundancy, etc. With Futurex’s VirtuCrypt Cloud Payment HSM, for example, organizations can create an end-to-end security environment, or just supplement existing on-premises HSM ecosystems, all while gaining peace of mind that their core cryptographic infrastructure is secure, scalable, compliant, and highly available.
M7: According to you, what are some major cybersecurity developments retailers need to look out for in the next 5 years?
AC: As retailers increasingly adopt alternate forms of payment, they’re going to need to stay very closely plugged in with the latest security trends and best practices. We’re seeing that attacks are not only becoming more prevalent but more clever in how they attempt to steal sensitive information from users. Having a strong security platform is critical, but it’s important not to ignore the human element either. Employees throughout the retail space, whether they’re on the floor or in the back office, need to be aware of their important responsibility in staying vigilant and reporting potential information security threats.
M7: In this evolving threat landscape, what are some key strategies retailers can adopt in their business models for enhanced protection of data?
AC: Always look at your data security posture with a critical eye. And that’s not just from the standpoint of making sure your vendors share your security-centric focus, it’s also about looking at the data itself. You should regularly be looking at where your sensitive data resides and asking if it’s possible to reduce the amount of unencrypted data that is stored unnecessarily. If data is sensitive and you don’t have a good reason to retain it, get rid of it! And if you do need to retain it, be sure it’s adequately protected.