Raising payment security awareness via Twitter chat

Heartland Payment Systems Inc. and the National Restaurant Association hosted a Twitter chat Feb. 12, 2015, focused on securing payment data, a topic of growing concern for restaurateurs and consumers alike.

Anna Tauzin, Senior Marketing Manager at the association moderated the one-hour discussion, led by Michael English, Heartland's Executive Director of Product Development and Jim Higgins, the Association's Vice President of Payment and Financial Services. Attendees followed along and asked questions using the hashtag #SecurePayment.

The chat balanced views from a U.S. acquirer that processes credit, debit and prepaid transactions for more than 300,000 merchants with a food service industry trade association supporting a diverse population of nearly 500,000 restaurant businesses.

Popular questions and answers, some of which were re-tweeted among audience members, concerned how leading-edge payment technologies can protect business owners and their customers from fraudulent attacks, and the specific steps restaurant owners can take to meet and exceed payments industry standards to remain secure and compliant.

Data breaches more frequent, personal

A record 761 data security breaches impacted restaurant and retail communities in 2014, including P.F. Chang's, Dairy Queen, Jimmy John's and Chick-Fil-A, and compromising 83,176,279 payment card transactions, Heartland noted. In the aftermath, large and small restaurateurs are working with security specialists to remediate damages while others are researching security solutions to protect their POS systems and customers' cardholder data.

Amsterdam-based Gemalto, a digital security and technology company, released its Breach Level Index report on Feb. 12, which examined security breaches and trends in 2014. Tsion Gonen, Gemalto's Vice President of Strategy for Identity and Data Protection, noted that data breaches are on the rise and that long-term identity theft is becoming a more popular objective among cyber criminals than simply stealing credit card numbers.

"Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises or a host of other serious crimes," Gonen said. "As data breaches become more personal, we're starting to see that the universe of risk exposure for the average person is expanding." He advocated adopting "a data-centric view of digital threats starting with better identity and access control techniques such as multifactor authentication and the use of encryption and key management to secure sensitive data. That way, if the data is stolen it is useless to the thieves."

Benefits of EMV, multifactor authentication

These multifactor authentication technologies were further explored in the Twitter chat, as English and Higgins explained how Europay, MasterCard and Visa (EMV), point-to-point encryption and tokenization can help protect business owners and their customers from fraudulent attacks.

As the executives engaged in real time with their Twitter audience, English stated that EMV-enabled chip cards have built-in tamper protection that protects the card from hackers. Higgins suggested that the cost of implementing EMV technology before the coming EMV liability shift "may be less than fees that come with fraudulent charges."

Moderator Tauzin asked the panel what steps a restaurant can take to protect consumer information and avoid breaches. Following are several recommendations.

• Limit employee access to sensitive data. Employees should only have access to info needed to perform their jobs.

• Destroy all information no longer needed. Shred paper documents, and use "shred file" software; a deleted file could be recovered by a hacker.

• Protect hardware and software. Password-protect all equipment, install and maintain a firewall and employ anti-virus software.

• Encrypt all cardholder data at the earliest point of the transaction – that is at the time of payment card swipe, tap or insertion.

• Use tokenization instead of transmitting customer card numbers in the clear.

• Comply with Payment Card Industry security standards. It's the merchant's responsibility to protect data at the POS.

Real-time chats to raise awareness

A growing number of global communities are using live chat to discuss prevailing issues and trends, according to New York-based OneQube, a digital agency that develops social media technologies that build, analyze, manage and engage online relationships using Twitter's real-time platform.

The growing trend of using Twitter chat was highlighted by the Feb. 4 deal between Google and Twitter to make tweets visible in Google search results, raising the visibility of content generated by Twitter's 284 million users.

Twitter chat was an effective choice of platform to address the topic of cyber security and the sense of urgency restaurant owners and payments industry stakeholders share in addressing the current threat environment and protecting the integrity of cardholder data.

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.