Breach Protection

If your business operates on the internet, don’t relegate data breach protection to your “to do” pile. Data breaches aren’t just time-consuming to resolve; they’re costly.

What is a data breach?

A data breach occurs when a person’s private identifying information — name, address, email address, Social Security number, driver’s license number and/or financial, credit or debit card data — is exposed or put at risk of being stolen, either electronically or on paper.

Electronic data breaches can take many forms including hacking, malware, spyware, skimming, an insider breach or the physical loss of a payment card, computer, laptop or CD. While the types of data breach vary, they all have one thing in common: unencrypted personal data can quickly fall into the hands of cyber criminals, thieves or fraudsters.

In 2011, the Ponemon Institute presented the findings of its 7th annual U.S. Cost of a Data Breach study, which explored the cost of data breach incidents for U.S.–based companies. The study examined 49 data breach cases with a range of nearly 4,500 to 98,000 affected records, from 14 different industries ranging from finance to retail and transportation.

For the first time in seven years, the Ponemon study reported a decline in both the organizational cost of data breach and the cost per lost or stolen record. The organizational cost declined from $7.2 million to $5.5 million and the cost per record declined from $214 to $194.

More than a third of the breaches Ponemon studied were caused by the loss or theft of devices like laptops and USB thumb drives that contained confidential or sensitive information. Alongside malicious attacks, negligent insiders are the main cause of data breaches.

Organizations represented in this study have shown improved performance in both preparing for and responding to a data breach. By utilizing more data loss prevention technologies, these businesses are losing fewer records to data breach. The costs they incur can include: expensive breach-related outlays for detection, escalation, notification and response; legal, investigative and administrative expenses; penalties and fees; customer defections; reputation management and customer support costs like information hotlines and credit monitoring subscriptions.

Data Breach Protection

All businesses, regardless of size, experience or volume, that deal in credit or debit cards and/or electronic fund transfers can become the victim of a security breach and should have data breach protection.

Unlike Canada and countries in the European Union, where strong data protection acts have been in effect for years, the United States government has not heavily legislated or regulated data privacy. However, 46 states and the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification when personal information has been involved in a security breach.

There are partial federal regulations that govern the acquisition, storage and use of personal data in this country, but it’s up to individual merchants and businesses to proactively implement data breach protection programs.

Data Breach Protection Best Practices

One of the first and best steps to take to protect yourself, your business and your customers from a data breach is to observe the Payment Card Industry Data Security Standard (PCI DSS). This is known as being in PCI compliance or PCI compliant. The requirements of PCI DSS are focused on improving security for the storage, transmission and processing of cardholder data.

Beyond PCI compliance, your business should enact the tightest security possible against fraud and other data breaches by using standard and advanced detection and prevention tools like those offered by TSYS®.

We offer multiple interface options that allow you to choose the best method for your business to securely submit and process payments. We can also reduce your PCI burden by eliminating the need to store sensitive card data.

Other best practices to protect your system against a data breach include:

  • Change your user account password, along with your secret question and answer, every 45 to 60 days.
  • Use a third-party solution, such as integrated shopping cart technology, to maintain the strict security standards for submitting transactions to a payment gateway.
  • Require and validate complete order information — including a full address and phone number — for every order before shipping.
  • Monitor your transactions, particularly those from abroad, for potential fraudulent practices, including a higher-than-usual number of transactions or transaction amounts or orders where the billing and delivery addresses do not match.
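
The order-validation and transaction-monitoring checks in the last two items can be expressed as a pre-shipping screen. This is an added example, not TSYS code: the order field names, the home country, the thresholds and the sample orders are all assumptions constructed for illustration.

```python
from collections import Counter
from statistics import median

# Field names, home country and thresholds are assumptions for illustration.
REQUIRED = ("name", "street", "city", "postal_code", "country", "phone")
HOME_COUNTRY = "US"
AMOUNT_FACTOR = 3        # flag amounts above 3x the batch median
MAX_ORDERS_PER_CARD = 3  # flag cards with more orders than this in one batch

def norm(a):
    """Normalise an address so case/spacing differences are not mismatches."""
    return tuple(" ".join(str(a.get(k, "")).lower().split())
                 for k in ("street", "city", "postal_code", "country"))

def screen(orders):
    """Return {order_id: [reasons]} for orders to review before shipping."""
    per_card = Counter(o["card_token"] for o in orders)
    typical = median(o["amount"] for o in orders)
    flagged = {}
    for o in orders:
        reasons = []
        missing = [f for f in REQUIRED if not str(o["billing"].get(f, "")).strip()]
        if missing:
            reasons.append("incomplete order info: " + ", ".join(missing))
        if norm(o["billing"]) != norm(o["shipping"]):
            reasons.append("billing/delivery address mismatch")
        if o["shipping"].get("country") != HOME_COUNTRY:
            reasons.append("order from abroad")
        if o["amount"] > AMOUNT_FACTOR * typical:
            reasons.append("amount higher than usual")
        if per_card[o["card_token"]] > MAX_ORDERS_PER_CARD:
            reasons.append("unusual number of transactions")
        if reasons:
            flagged[o["id"]] = reasons
    return flagged

def addr(street, country="US", phone="555-0100"):
    return {"name": "A. Buyer", "street": street, "city": "Columbus",
            "postal_code": "31901", "country": country, "phone": phone}

home = addr("1 Main St")
ORDERS = [  # constructed sample data; card numbers appear only as tokens
    {"id": 1, "card_token": "tok_a", "amount": 40.0, "billing": home, "shipping": home},
    {"id": 2, "card_token": "tok_b", "amount": 55.0, "billing": home, "shipping": addr(" 1 MAIN st ")},
    {"id": 3, "card_token": "tok_c", "amount": 900.0, "billing": home, "shipping": addr("9 Rue X", "FR")},
    {"id": 4, "card_token": "tok_d", "amount": 45.0,
     "billing": addr("1 Main St", phone=""), "shipping": home},
]
if __name__ == "__main__":
    print(screen(ORDERS))
```

Flagged orders are held for manual review rather than rejected outright, since each signal on its own also matches legitimate customers.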

Computer-Based Security

Your computers can contribute to data breach, or aid in data protection. To maintain standard computer security best practices:

  • Install a firewall (hardware or software) to monitor external connections.
  • Use anti-virus software that’s regularly updated, and download and install all service and security updates regularly.
  • Store sensitive and/or confidential information (such as credit card numbers) separate from web servers in an encrypted database that is not connected to the internet. Ask your TSYS representative about our encryption and tokenization programs to maximize data protection.
  • Share access to network drives and individual computers only when absolutely necessary.
  • Avoid sending or requesting confidential information via email, online chat sessions or other unsecured methods of transmission. If you receive a request for information, confirm the request by phone before responding.

Play it smart — breach protection is your first and best line of defense against fraud. Make it your top priority to protect your bottom line. Consult with a TSYS representative about our Data Breach Security Program and other ways we help protect you and your customers from the threat of data breach.
