This month Visa has reported an increase in the number of network intrusions involving service providers. It also reports increases in re-breaches of merchant payment environments and skimming incidents (July 2017). The company has therefore issued an alert to remind merchants of their obligations if a compromise occurs and to advise on the need to engage a Retained Forensics specialist.
It is not uncommon for card processors to send out emails warning of heightened risks. Yet it appears these are often overlooked in busy inboxes. In this instance, the warning is very real as card usage in the UK continues to rise.
The most recent statistics from Visa reveal that in April 2017 1,386 million purchases were made in the UK. That is a total spend of £58 million in one month alone and represents a number of ongoing upward trends including an overall increase in the usage of cards. Contactless payments now account for 30 per cent of total purchases compared to 16 per cent a year ago. It is not surprising that ingenious criminal minds are ramping up their activity in the card payment environment.
The message in Visa’s warning is that prevention is better than cure. If a suspected or confirmed data compromise occurs, the PCI will compel the merchant to engage a PCI Forensic Investigator (PFI) at their own cost. If failure to protect the card environment is discovered, then fines are inevitable. In this instance the cost of mitigation, together with the damage to a business’s reputation, will be considerable.
Visa’s alert specifically mentions the recommendation to engage a Retained Forensics specialist to prevent a potential breach occurring in the first place. In today’s card processing environment, never has engaging a Retained Forensics team made better business sense.
This is where we come in. At SRM we are one of a handful of companies in the UK retained by the PCI to carry out PFI investigations. But we also offer a bespoke Retained Forensic service, which uses this expertise to proactively manage systems before an attack occurs. In this way, organisations can use our Data Forensic Investigations team to meet compliance requirements but also to build robust defences and test those strategies in a controlled manner, before the worst actually happens.
We do not recommend services or tools you do not need, preferring to use our extensive experience and understanding of the online retail world to set up a targeted plan of action and remediation which will keep your business compliant and as secure as it is possible to be. Given the persistence and resilience of cyber attackers, there is a remote chance that a system might still be attacked. With a robust plan in place, however, remedial action will be swift, minimising financial and reputational damage. Demonstrating a proactive approach to protecting your customers’ data also puts you in a stronger position when dealing with acquiring banks or any other regulatory authorities.