The Importance of Protecting Cardholder Data During Black Friday and Cyber Monday


The two biggest shopping days of the year—Black Friday and Cyber Monday—are almost here. These multibillion-dollar consumer spectacles kick off the holiday season for merchants and retailers, making this an extremely lucrative time for businesses and a valuable opportunity for them to evaluate their practices for securing payment card information.

Last year, Black Friday tallied $5 billion in consumer spending, and Cyber Monday topped that with $6.6 billion. But swarms of eager shoppers aren’t the only ones excited about holiday deals—this increased traffic also attracts hackers and cybercriminals looking to steal payment card and personal information. Whether they’re creating fake mobile apps to trick consumers into giving them their sensitive data or they're breaching a company’s cardholder data environment, threat actors are relentless, and they continue to find new, creative ways to steal information.

In recent years, prominent companies such as Target and Adidas have fallen victim to high-profile breaches during Black Friday, costing them millions of customer records and dollars in the process—not to mention priceless loss of consumer trust. Although data security is a year-round concern, the increased volume of customers and its associated risk during the holiday-shopping season makes it an especially important time of year to ensure effective security measures are in place.

With an average of nearly 200 million Americans participating in the holiday-shopping swell, there’s a tremendous amount of potential data to steal, and that sensitive data is also being sent across numerous payment channels that must be protected from malicious apps, malware, and other threats. Just because your in-store POS system is secure doesn’t mean the same goes for your ecommerce site. Payments made via an online storefront, a call center operator, an app on a mobile device, or a self-service checkout in a brick-and-mortar store all present an opportunity for theft that needs to be deterred.

Our Solution: Omnichannel Tokenization

By utilizing our Cloud Security Platform, we can leverage cloud-based tokenization to secure and desensitize payment data regardless of where the payment is occurring. We safely and securely transmit tokens across multiple channels, achieving omnichannel acceptance for card-present and card-not-present transactions. Wherever the payment is received, we simply exchange PANs for mathematically unrelated tokens, which can be stored in your cardholder data environment for repeated use to allow for a more convenient customer experience.

This flexible approach improves security and reduces the scope of PCI compliance by removing sensitive data from your environment and storing it safely in our cloud vault. In the unlikely event that a data breach does occur, thieves still won’t be able to access the sensitive payment card data. Instead, they’ll be left only with tokens—nonsensitive data that is worthless to hackers. No data, no theft.

So while you’re ramping up for the holiday-shopping rush, take the time to consider your organization's security practices and whether you’re adequately addressing the risks. You don’t want holiday hackers to spoil the most wonderful time of the year for you and your customers.

Topic(s): data security , privacy

Keep Up With Our PCI & Privacy Blog