Learn

Business Resource Center
Back

How to Protect Your Customers' Data From Cyber Attacks

You know it's critical to safeguard your company's proprietary information from cyber attacks. But don't forget you're also the steward of the personal data your customers share when they do business with you. If that data becomes compromised, you could risk the loss of business from current and potential customers who fear their data isn't safe with you.

Consumers are quite skeptical about how well companies are protecting their data. In a PwC report based on a survey they conducted in 2019, only 25% of respondents said they believe most companies handle their sensitive personal data responsibly.1 And those doubts can lead to sharp declines in customer loyalty, as 87% of survey respondents said they will do business elsewhere if they don't trust the way a company is handling their data.

You can earn your customers' trust and loyalty by guarding their personal information from cyber thieves as carefully as you do your business data.

Follow these four steps to protect your customer data from cyber attacks.

1. Establish a Data-Protection Policy

Create formal guidelines around the types of customer data your company collects and the methods you use to gather and store the data. Be sure your policy is consistent across every type of device, application, business function, and geographic location where data collection occurs.2

Incorporate rules limiting which company reps will have access to customer data. Then provide training for employees so they understand how to comply with your policy — and how important it is to protect customers' private information.

Have a plan in place for what to do if a data breach occurs, including how you will inform customers and help them lower their risk of negative consequences.

people icon
87% of respondents in a PwC survey said they would do business elsewhere if they didn't trust the way a company handles their data.

2. Use an EMV chip reader

Credit and debit card data stored on embedded microprocessor chips is more difficult for would-be thieves to capture and use for making counterfeit cards than the kind stored on the old magnetic stripes. If you've put off investing in payment card processors that can read embedded microprocessor chips, it's time to make the switch.

EMV chip technology (the acronym stands for Europay, Mastercard, and Visa, the companies that originally developed it) is now the retail industry standard. Chip card readers are installed at 63% of all U.S. in-store payment terminals, according to U.S. Payments Forum.3

3. Secure online payment data

If you conduct business online, your payment processing system should use encryption and tokenization to reinforce the guardrails against the theft of customer data. Encryption encodes customers' credit card information, so the wrong eyes won't be able to read the information as it's transmitted through your processing system or over the internet.

Tokenization adds another layer of protection by removing any readable data from your system altogether. With tokenization, sensitive data is automatically converted into a unique, random set of characters — called tokens — that retain the essential information in the original form while preventing that data from being stored in the merchant's computer system. The key to translating the tokens into meaningful information is safely stored on a remote payment processor database, called a token vault. Only the payment processor can read the tokens.

4. Be careful and transparent about sharing data

In the PwC survey, 71% of respondents said they would stop doing business with a company for sharing their sensitive data with third parties without their permission. While consumers want to control their personal data, it's probably fair to say that many are confused about or unaware of the data-sharing practices of the businesses they deal with.

Keeping customers in the dark about your data-sharing practices leaves you open to backlash and public scandal if the data is ever misused. Transparency is always the best course, along with ensuring that the parties with whom you share your customers' data have strong protocols in place to protect it.

Creating and posting a privacy policy with clear language and easily understood options will empower your customers to control access to their personal data. It also demonstrates a respect that fosters greater customer loyalty.

Taking steps to keep your customers' data safe lets them know you have their back — and that will keep them coming back to spend their dollars with your business.

Important Disclosure Information

This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

  1. PwC, “How consumers see cybersecurity and privacy risks and what to do about it," accessed August 27, 2019. Back
  2. Paroma Sen, “How to Build a Customer-Focused Data Protection Policy in 2018?" MarTech Advisor, published December 22, 2017. Accessed August 27, 2019. Back
  3. U.S. Payments Forum, “US Payments Forum Market Snapshot: Updates on EMV Certification Timelines, Chip at the Pump, Contactless Transition and Current Forum Priorities," published August 15, 2019. Accessed August 27, 2019. Back