HID Global offered four tips for protecting organizations against the types of data breaches that recently occurred at major retailers.
An effective defense against the multiple threats these organizations faced requires numerous elements, including strong authentication and a five-layered security strategy in the enterprise IT infrastructure, plus more secure payment card technology at the point of sale.
“A data breach is one of the top events most harmful to a corporation’s reputation and its customers’ privacy,” said Ian Lowe, Enterprise Solutions Marketing at HID Global. “The fall-out can be catastrophic, and organizations must understand the threat environment and take all necessary steps to protect their assets and customers.”
Tips for protecting large retail payment operations include:
Move past simple passwords to strong authentication in the enterprise: When hackers steal an employee’s user name and password, they can then often move through the network undetected and upload malware programs to a retailer’s point of sale (POS) systems, where it is relatively easy to steal/capture card data and create cloned payment cards.
Organizations should protect systems and data through strong authentication that relies on more than just something the user knows (passwords.) There should be at least one other authentication factor, such as something the user has (i.e., a computer logon token) and/or is (i.e., a biometric or behavior-metric solution.)
Take advantage of the improved convenience of a mobile “tap-in” strong authentication model: Users increasingly want a faster and more seamless and convenient authentication solution than possible with dedicated hardware one-time passwords (OTPs,) display cards and other physical devices.
Now, mobile tokens can be carried on the same card used for other applications, or combined on a phone with cloud application single-sign-on capabilities. Users simply tap their card or phone to a personal tablet, laptop or other endpoint device to authenticate to a network, after which the OTP is unusable. There are no additional tokens to deploy and manage, and the end-user only has one device to carry and no longer must remember or type a complex password.
Employ a layered IT security strategy that ensures appropriate risk mitigation levels: For optimum effectiveness, organizations should take a layered approach to security starting with authenticating the user (employee, partner, customer), then authenticating the device, protecting the browser, protecting the application, and finally authenticating the transaction with pattern-based intelligence for sensitive transactions.
Implementing these layers requires an integrated, versatile authentication platform with real-time threat detection capabilities. This platform, combined with an anti-virus solution, provides the highest possible security against today’s threats.
Replace magstripe payment cards with more secure card technology for consumers at the point of sale: Magstripes contain a static card-verification value (CVV) that is easily intercepted by malware-infected POS systems and cloned with cheap readers.
In contrast, Europay Mastercard Visa (EMV) cards store all payment information in a secure chip, use issuer-specific personalization keys, and authenticate using cryptographic standards. They also replace the magstripe’s static CVV code with a dynamic security code that cannot be used to create a counterfeit card. With widespread adoption, EMV cards are now making their way to the U.S.