Learn

Business Resource Center

Interested in business banking?

Learn more

How to protect customer data from cyber attacks

people icon
87% of respondents in a PwC survey said they would do business elsewhere if they didn't trust the way a company handles their data.

2. Use an EMV chip reader

Credit and debit card data stored on embedded microprocessor chips is more difficult for would-be thieves to capture and use for making counterfeit cards than the kind stored on the old magnetic stripes. If you've put off investing in payment card processors that can read embedded microprocessor chips, it's time to make the switch.

EMV chip technology (the acronym stands for Europay, Mastercard, and Visa, the companies that originally developed it) is now the retail industry standard. Chip card readers are installed at 63% of all U.S. in-store payment terminals, according to U.S. Payments Forum.3

3. Secure online payment data

If you conduct business online, your payment processing system should use encryption and tokenization to reinforce the guardrails against the theft of customer data. Encryption encodes customers' credit card information, so the wrong eyes won't be able to read the information as it's transmitted through your processing system or over the internet.

Tokenization adds another layer of protection by removing any readable data from your system altogether. With tokenization, sensitive data is automatically converted into a unique, random set of characters — called tokens — that retain the essential information in the original form while preventing that data from being stored in the merchant's computer system. The key to translating the tokens into meaningful information is safely stored on a remote payment processor database, called a token vault. Only the payment processor can read the tokens.

4. Be careful and transparent about sharing data

In the PwC survey, 71% of respondents said they would stop doing business with a company for sharing their sensitive data with third parties without their permission. While consumers want to control their personal data, it's probably fair to say that many are confused about or unaware of the data-sharing practices of the businesses they deal with.

Keeping customers in the dark about your data-sharing practices leaves you open to backlash and public scandal if the data is ever misused. Transparency is always the best course, along with ensuring that the parties with whom you share your customers' data have strong protocols in place to protect it.

Creating and posting a privacy policy with clear language and easily understood options will empower your customers to control access to their personal data. It also demonstrates a respect that fosters greater customer loyalty.

Taking steps to keep your customers' data safe lets them know you have their back — and that will keep them coming back to spend their dollars with your business.

Important Disclosure Information

This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

  1. PwC, “How consumers see cybersecurity and privacy risks and what to do about it," accessed August 27, 2019. Back
  2. Paroma Sen, “How to Build a Customer-Focused Data Protection Policy in 2018?" MarTech Advisor, published December 22, 2017. Accessed August 27, 2019. Back
  3. U.S. Payments Forum, “US Payments Forum Market Snapshot: Updates on EMV Certification Timelines, Chip at the Pump, Contactless Transition and Current Forum Priorities," published August 15, 2019. Accessed August 27, 2019. Back