How Epicor Is Improving Payments Security for SMB Retailers
MAY 20, 2016 • Blog Post • BY SUE POREMBA, HPE MATTER
IN THIS ARTICLE
- Payment card industry (PCI) compliance frequently changes and could leave small business owners or their customers exposed to hackers
- Epicor’s preventive security tools improve the data security of transactions with encryption and tokenization
Epicor's Matt Mullen on how no business is too small to be a data breach target
No business is too small to be the target of a data breach. If a business allows credit card transactions or is connected to the Internet in some way, there is a risk.
“Fraud is moving down,” said Matt Mullen, vice president, strategy and product with Epicor Software Corporation, one of the nation’s largest enterprise resource planning (ERP) providers. Initially, hackers targeted what Mullen calls the Tier One groups in retail—big-box enterprises like Target and Home Depot—because they provided a large access area. Millions of records were available in a single breach and were a gold mine for cyber criminals.
In response to the attacks, Tier One retailers began to improve their security systems, leaving fraudsters searching for new, more vulnerable targets. “They are trying to take advantage of the data sets wherever they can find them,” said Mullen. Those data sets are now found in the small to midsize (SMB) market, and hackers are taking advantage of a retail population that uses minimal security.
“SMBs are an easy target for fraud, either by hacking or physical location fraud that happens by way of pass swaps or near field communication intercepts,” Mullen added.
When asked if he thinks SMBs are taking security seriously enough, Mullen said it is a complex issue. “I think they try very hard to take security seriously, but part of the problem is it changes with great frequency and sometimes in great leaps.”
Usually it comes down to having the right knowledge or education about security and what it takes to run a secure network. Take payment card industry (PCI) compliance, for example. These regulations are updated regularly, often with very subtle changes that can have a huge impact for businesses that accept credit or debit card payments. “Our customers may not know the difference between PCI Security Standards 2.0 or 3.1, but they do know that they have to be compliant to PCI regulations, and they want to make sure they are secure,” Mullen said.
This is where a company like Epicor steps in. Epicor works with more than 7,000 small retailers to improve their security position and has partnered with Hewlett Packard Enterprise (HPE) to focus on payment transaction security. HPE’s secure data payment product is the backbone of the Epicor Transaction Security functionality, which uses secure stateless tokenization and format-preserving encryption. The security system limits the exposure of the data, so if there is a hack attempt—and as Mullen pointed out, if the hackers really want in, they’ll find a way in—there won’t be anything there to steal.
“You wouldn’t leave cash sitting in the register overnight, even if the store is locked, in case of a burglary,” said Mullen. “This is the same concept.”
It’s not only about protecting the data from a breach; it’s also about avoiding the ramifications of a breach. A single data breach can destroy a small business that may have been in the family for generations or is the sole source of revenue for the owner. The penalties and fees involved with compromised credit card or personal data can be so crippling that the shop has to close. But by integrating HPE’s secure data payment product into its own overall payment and application ecosystem, and by providing transaction security to its customers, Epicor helps SMB retailers prevent the biggest possible exposure to their business.
“These SMB retailers look to us for guidance and solutions on security,” said Mullen. “More importantly, they look to us to understand the regulatory environment and the changing certifications. They need to know that we are working in their best interest and helping them drive toward the status they need to stay secure and operational.”