Page 30 - GS181001
P. 30
CoverStory
Cory Capoccia, president at Womply, said CRMs can auto- trusted payment methods, they advised. Security analysts
mate marketing campaigns ahead of the holidays, which recommend these additional precautions:
frees merchants to focus on immediate priorities. "With a • Implement point-to-point encryption (P2PE): Rus-
CRM in place, you're better prepared to communicate with ton Miles, co-founder and chief strategy officer at
customers, and get them to come back, in the event that Bluefin Payment Systems LLC, has helped proces-
inclement weather, inventory problems or other issues sors, manufacturers and leading retailers derive
prevent you from delivering a great customer experience." multiple benefits by implementing point-to-point
Leverage big data encryption. "By upgrading your terminals, you're
giving merchants the gift of increased sales, time
Last year's lessons are integral to holiday planning, noted and convenience," he stated. "You're also taking an
BigCommerce analysts, who contend that "learning from opportunity to make it a very sad Christmas for
your actions and formulating data-based insights is the hackers."
only way to enter the next holiday season wiser and more "Merchants that have an option from their acquir-
prepared than the previous." Following are suggestions on ers to do point-to-point encryption (P2PE) should
how to leverage data-rich merchant portfolios and CRM strongly look at implementing those options," said
systems. Capoccia said analytics deliver actionable advice Mark Carl, CEO at ControlScan. "Encrypting card
to help merchants make informed decisions. "For example, data at the point of interaction (POI) continues to be
if Black Friday was your best sales day in 2017, you might the most successful means of preventing a breach of
choose to open earlier this year to capture spillover traffic card data itself."
from doorbuster shoppers at Best Buy and Target," he said.
"Without access to this data or an easy way to sort through • Isolate, segment critical infrastructure: Carl ad-
it, business owners miss out on repeat business because vised merchants to isolate and segment POS envi-
they don't understand their customers." ronments from other more vulnerable systems and
monitor all systems in real time to protect from in-
Data-driven insights can help merchants audit their on- trusions.
line reputations, a critical imperative in today's always-on, • Schedule routine penetration testing: "Regular
always-connected economy. Capoccia recommends com- and ongoing penetration testing is one component
bining artificial intelligence with human oversight for best of a mature security program and can help identify
results. CRMs can identify negative reviews and respond vulnerabilities that were missed by systems manag-
in real time; merchants might also ask their best custom- ers during changes and upgrades," Carl stated.
ers to provide feedback, he stated. "In all cases, small mer- • Consider managed services: "Third-party security
chants should be running a proactive reputation manage-
ment program to engage with prospects and customers consultants and service providers can validate that
necessary controls are in place to protect the com-
online," he said. "Online review sites are often the first
touchpoint consumers have with a business; it's critical to plete environment or provide services that mer-
chants may not have the expertise or personnel to
maintain a positive online presence."
tackle themselves," Carl said.
Madelyn Newman, director of product and customer • Implement PCI tools: Christopher Skarda, security
marketing at CallRail, said, "Today's consumers are more analyst at SecurityMetrics, said the Payment Card
mobile than ever and increasingly transact from smart- Industry Data Security Standard provides tools to
phones. We pinpoint where phone calls originate, the web enhance security systems. These tools include in-
page a caller was visiting and what marketing resources trusion detection systems/intrusion prevention sys-
are driving the call." tems, internal and external vulnerability scanning
solutions, file integrity monitoring solutions, log
The ability to extract source data from a smartphone monitoring tools, and web application firewalls, he
URL and alert agents about an incoming call facilitates stated. "It is important to keep automated tools con-
meaningful discussions, Newman noted. Built-in report- tinuously tuned and monitored closely by human
ing tools can identify the busiest times of a day or week. experts for them to perform effectively," he said.
"If you're managing a call center and your Black Friday • Continuously monitor: Troy Hovorka, forensic ana-
call volumes more than double year-over-year, you want lyst at SecurityMetrics, said testing infrastructure is
to make sure you're armed with enough agents to handle an ongoing process that is never completed. "Load
those calls," she said. testing, along with its big brother, stress testing,
Reinforce security should be a regular part of any network or database
administrators job description, and it is no less im-
BigCommerce researchers devoted a section of holiday portant for programmers and QA engineers relative
planning to "technical site planning," counseling mer- to the scaling capabilities of an application or web-
chants to prepare networks and servers for increased site under development," he said. "Yes, it will cer-
transaction flows. Keep a clean house by maintaining tainly take additional resources and capital up front,
clean websites, testing third-party integrations and using but if you experience five minutes of downtime dur-
30
