Data Security Must be a Priority for Businesses in India

Security is only as strong as the weakest link

Opinions expressed by Entrepreneur contributors are their own.

You’re reading Entrepreneur India, an international franchise of Entrepreneur Media.

India is becoming a world leader in online and digital payments, both in terms of the volume of payments made and the rate at which online payments are increasing. For this to continue, consumers need to know that businesses are making the safety of their payment card information a top priority. As a result, more and more businesses are relying on third-party payment service providers for payment processing, as this allows them to focus on their core business while outsourcing these services to specialists.

Even if you outsource, you still have a duty of care to your customers

One of the brilliant things about outsourcing your company’s payment security problems is that it is no longer your responsibility to make sure your customers’ payment data is secure, right? This is one of the most common misconceptions about data security, and it can be a career-ending error for any business owner or decision-maker.

When somebody pays a merchant for goods and services – whether a pair of trainers, groceries, a hotel room or a restaurant meal – that merchant is responsible for the transfer of the data to the payment service provider. If the merchant has not implemented the right security processes and applied them to the transfer process, then customer payment data is vulnerable to theft at all points during the transfer process.

This situation can allow a merchant to be the victim of what is called a “Man in the Middle” attack – a form of data theft that occurs when a hacker sits in the middle of a transactional process between two parties. With this attack, hackers insert malware that redirects merchant transaction data intended for the payment service provider to the criminal. When this occurs, all payment data being redirected comes through the hacker first and the hacker then sends it on to the payment service provider. The payment service provider is often not aware that this attack occurred. The hacker then packages up the data and sells it to the highest bidder. In the most extreme examples, hackers have been known to sit in the middle of these processes undetected for more than four years.

Know your customer? Know your supplier.

The second issue is that anybody can become a payment service provider. It is the responsibility of a business owner, operations executive or IT manager to undertake proper due diligence before selecting a payment service provider.

Payment service providers must have security controls and processes in place that protect payment card data in accordance with the PCI Data Security Standard (PCI DSS).   If customer data is stolen, it is the merchant, not the payment service provider that makes headlines. A lot of businesses that experience major payment data theft fail because the financial and reputational recriminations are simply too great a challenge to recover from.

As a result, it is imperative that merchants ask for proof that their payment service providers have undergone a successful PCI DSS assessment by a PCI Qualified Security Assessor.

India at the payment security frontier

India is one of the fastest growing economies and the popularity of e-commerce and mobile commerce has exploded in recent years. This is fantastic for international and domestic trade. However, the Indian market now attracts truly global attention. As millions of Indian consumers go digital each year – the value of digital transactions using digital wallets has gone up by 64% in just one year – the opportunity for data theft increases exponentially

What business leaders must do

Data security and management is no longer the sole responsibility of data or IT managers – the board of directors, including the CEO, are equally accountable. As a result, there are a number of business imperatives for companies in India. First, the CEO must start to take data security seriously. This starts with hiring someone who will ensure that their security department has the right processes in place, covering both their own security efforts and ensuring due diligence is undertaken with all third parties. This is an issue for businesses of any size.

Second, the CIO must ensure that their security departments are securing payment data, specifically according to the PCI DSS, regardless of third-party outsourcing options. If they are not, customer payment data is not safe.

Third, CFOs must implore their board to invest in data security. No matter the health of the economy or sector, every business has financial pressures and investment in data security must be made a priority.

Fourth, and maybe most important, is training. People are a critical part of keeping payment data safe and secure. Matter how good their payment service provider might be, businesses cannot overlook the importance of training their own staff on security basics. Data security training programmes, which are designed for all levels of staff at almost any type of organization, exist and are available. To protect their customers’ payment data, businesses must make data security education part of business as usual for their staff.

Conclusion

Keeping customer data safe not just an IT issue – it requires people, process and technology working together securely. Failing to conduct secure business is a major reputational issue for any marketplace. To counter this, India’s business leaders have a responsibility to enable and promote payment data protection that ensures the long-term success and development of their own company’s future as well as the wider Indian economy.

Article originally posted by entrepreneur.

This entry was posted in Business. Bookmark the permalink.
5 Work Laptops With 10+ Hours of Battery Life
Uncategorized

5 Work Laptops With 10+ Hours of Battery Life

For some small business owners, long battery life is the single most important feature a work laptop can have. If you're one of the many entrepreneurs who work long days, often away from a power source, and want a laptop that works as long and hard as you do, this…

Read

Alibaba is Going All Out on Cloud Computing Technology
Business

Alibaba is Going All Out on Cloud Computing Technology

The e-commerce giant's cloud service operates in 49 availability zones in 18 regions around the globe It looks like there’s no stopping Alibaba from expanding its footprint in the Indian market. After investing $300 million in online grocery store Big Basket, the Chinese e-commerce giant has partnered with mobile payment…

Read

How to Make Amazon Prime Work for Your Business
Uncategorized

How to Make Amazon Prime Work for Your Business

Amazon Prime is a membership program designed to offer customers perks for loyalty to the retail giant. Consumers who sign up for a $99 annual fee (or opt for a $12.99 monthly fee) enjoy free two-day shipping, free streaming of video and music, and access to e-books. But businesses also…

Read

She Proved That Nothing Can Get In The Way of Determination
Business

She Proved That Nothing Can Get In The Way of Determination

Shariah Edwards simply graduated from Power Center Academy High School, a contract school in Memphis, Tennessee. Presently, she's looked with an assignment numerous current secondary school graduates must do - - pick which school of those she was acknowledged to she needs to go to. Be that as it may, Shariah's circumstance…

Read

China Becomes World’s Biggest Online Community
Business

China Becomes World’s Biggest Online Community

Amid tight control, the country's population has set a record by crossing a mark of 800 million Internet users China has always been in the news for internet censorship owing to laws and administrative regulations. Amid this tight control, the country’s population has set a new record by crossing a…

Read

Best Travel Sites for Businesses
Uncategorized

Best Travel Sites for Businesses

Falling victim to an eleventh-hour business trip is unavoidable. You're working on a project, firing on all cylinders with your employees and clients, and then a massive hurdle comes your way: You need to touch base with clients in Seattle, and you need to be there in two and a…

Read

Management Theories Every Small Business Owner Should Know
Uncategorized

Management Theories Every Small Business Owner Should Know

Small business owners and managers can benefit from learning about the theorists whose work has given rise to many of the leadership approaches as well as the best (and worst) practices used to guide and grow organizations of all sizes. By putting these approaches within a larger historical context, business…

Read

9 Best Apps for Jira
Uncategorized

9 Best Apps for Jira

You may know Atlassian's Jira as a bug-tracking and software development package. But it's so much more than that now. For small businesses, Jira can help teams organize and manage a diverse array of projects, processes, and tasks for a spectrum of non-technical business specialties like law, HR, marketing, finance,…

Read

Don’t Wait for the Government: Entrepreneurs Are Keeping America Great
Business

Don’t Wait for the Government: Entrepreneurs Are Keeping America Great

Entrepreneurs are helping their local communities by introducing products and technologies for new markets across the country. Opinions expressed by Entrepreneur contributors are their own. Although popularized by Donald Trump, the “Make America Great Again” slogan goes back to Ronald Reagan’s 1980 presidential campaign. It's associated with politics, but the idea isn’t about…

Read