FierceRetail: Data breaches – Will retailers step-up their game?

October 21, 2014


At this point the “data breach” headline is borderline yawn-inducing, but it doesn’t mean consumers aren’t noticing. It may not result in an all-out boycott, but most people are feeling wary of breached stores. But what is actually causing this surge? Are retailers fighting back? Are there really more breaches, or are we just being told about them more often? The truth is, the surge is real. Data has become more valuable on the black market than ever before, making cyber criminals more aggressive. Additionally, companies are now more capable of catching these breaches whereas before they may have gone undetected. Finally, it is started to become commonplace to be honest when a breach happens–it can be much more damaging to try and hide it.

Our CEO, Jeff Shanahan, recently spoke to FierceRetail about what it takes to truly secure data, and why some companies are hesitating to get on board.

“When the Target breach occurred 10 months ago, it should have spurred retailers to immediate action, as an alteration of the current payment architecture most retailers have in place was in need of obvious fixing,” said Jeff Shanahan, president and CEO at CardConnect, a payments technology company. “Obviously, we’re still witnessing signs that the proper changes are not yet in place. It would seem that a lack of awareness and questions surrounding integration are what is causing the delay. We’re talking about new technologies that retailers may not be familiar with.”


Once retailers are familiar with the proper technologies, the question becomes integrating the most-secure hardware into existing ecosystems without disrupting service, according to Shanahan. A retailer can’t afford to incur interruptions in inventory or loyalty programs. “For large-scale retailers like Kmart, fully revamping the payment hardware used in each store can seem daunting, but it’s a necessary change in order to avoid a breach, which is a much scarier and costly situation,” he added.



Retailers need a short- and long-term approach, said Shanahan. Immediately, retailers need to make access to their outbound network as tight as possible. “For areas that contain sensitive data, this means an entire lock-down,” he said.


In the long run, retailers should solidify a project that would remove the company from any raw credit card data. “The key is for a business to remove all real touch points with actual card numbers, thus safeguarding its customers in the event of an attack.”

Check out the full story on FierceRetail.