What if you could go to a coffee shop, have your phone charged, and pay without taking your phone out of your pocket? What if you could quickly pay without handing out cash while waiting in line at the cinema or the bus station? Or drive up to the gas pump and back out with fuel already paid? The consumer is all about never stopping, so making transactions convenient and seamless is essential.
A Rapyd research report in 2020 revealed a growing trend where consumers are looking for cashless methods of payment. The pandemic has pushed more people towards adopting practices that do not require them to use card readers, key PINs, or touch screens, or even step out of their vehicles.
According to the same report, more than half of consumers are increasingly anxious about handling banknotes and coins. Instead of utilizing actual currency, 60% plan to use online and contactless payments. And almost a third are willing to see banknotes and coins phased out of circulation.
This is no surprise, given how contactless methods make it faster, safer, and easier to operate. However, there must be a balance in using technology and collecting individual identities (or PII) so that privacy violations do not jeopardize security needs.
Vulnerabilities in the network, such as spoofing and man-in-the-middle attacks, are routinely publicized by the media – committed by cybercriminals who get their hands on personal identifiable information.
A lack of a reliable solution, along with an ever-increasing reliance on the internet, has created an incredible and ongoing threat to everyone.
So, how do you protect the sanctity of your consumers’ PII?
1. Respect data minimization and take stock of your data.
Collecting PII should be a limited activity that provides only the data necessary to perform an operation. Do not collect any additional data that is not needed for the main operation. This will reduce the risk of a data breach or identity theft.
An SSN, for example, may be used to authenticate an individual’s identity, but it is no longer required after that. Companies should not store the SSN in such instances.
Also, keep track of all the information gathered about your customers and employees. You can consult your sales department, IT team, human resources office, accounting staff, and outside service providers to track PII across your company.
Most importantly, you should have answers to the following questions:
- Who shares PII with your company?
- What methods does your company use to collect PII?
- At each entry point, what kind of PII do you collect?
- What do you do with the PII you collect?
- Who has access to the PII you collect?
2. Encryption is key.
Data encryption is a vital business process, whether you’re protecting credit card data, personal information, or anything in between.
The lifecycle of data includes when it is in use, when it’s stored, and when it is in transit. Encryption is accepted as best practice in all these cases because it can protect your data from threat actors even if they intercept it.
Typically, businesses encrypt the following:
- Intellectual property (IP) or proprietary data (PD)
- Financial statements
- Personal identifiable information (PII) research and development data
- Sensitive customer data
- Details related to upcoming product launches
You can also encrypt sensitive emails before sending them out to protect your data from unauthorized access.
3. Protect your data through multi-factor authentication.
You may have noticed that most websites and online accounts now require you to enter additional or multiple authentication factors such as a PIN, another password, or even a fingerprint after entering your username and password. That’s called two- or multi-factor authentication (MFA).
Contrary to the traditional MFA method, adaptive MFA takes user behavior into account to calculate risk. It uses advanced risk-based intelligence and administrator policy to determine with greater accuracy whether or not a user should have access to a particular tool or application.
The “adaptive” part of adaptive MFA comes into play when proactive attempts to verify the user’s identity – like checking on their location through their device – don’t confirm that the person is who they say they are.
COVID-19 may have created a data security catastrophe, but these threats existed before the pandemic.
Despite the severity of a situation, a customer’s PII is of the utmost importance to any business and should be handled with care and respect.
Having a clear incident response plan in place is strongly recommended by the industry, and it is important for every business in a contactless world. Having said that, pandemic or not, all security and compliance issues need to be dealt with very seriously and promptly when safeguarding PII.
Rather than the perceived risks being something a company has no control over, the business management should take it upon themselves to set up the right security systems to make sure these risks do not become a reality.
Originally published at Dataversity