Beyond Point-to-Point Encryption: The Importance of Whole-Store Cybersecurity

Constant news headlines about data breaches serve as a critical reminder to merchants to shore up their cybersecurity defenses. It’s no wonder that retailers are embracing Point-to-Point-Encryption (P2PE) to protect credit card transactions while reducing the complexity and scope of PCI compliance. But P2PE only protects credit card transactions. 

Today’s retail environment relies on digital solutions for everything from omnichannel customer experience to employee engagement and store operations — and demands a whole-store approach to cybersecurity in order to preserve business capabilities while engaging effectively and safely with customers.

P2PE provides effective protection for credit card transactions, encrypting payment card data at the card reader and reducing the exposure of the cardholder. It is not, however, failsafe protection against hacking and breaches into the rest of the store. If there are security weaknesses in the store network — for example, through IoT devices like security cameras, media players, temperature sensors, or Wi-Fi  access points — retailers may still be vulnerable.

Protecting a merchant’s ability to run the business includes protecting everything on the store network, from customer loyalty data, back-office payroll, inventory management systems, media players, ATM machines, and lottery kiosks. As merchants take concrete steps to protect credit card data through P2PE, they also should take steps to strengthen their network security operations for end-to-end security to keep both the store and the business safe. 

A whole-store approach to cybersecurity begins with adequate security standards and protocols. Complying with standards, such as the Payment Card Industry Data Security Standards (PCI DSS), is the starting point. Other best practices include segmenting and regularly monitoring store networks for unusual activity and ensuring all software is up to date. The simple act of timely software updates can make a significant difference in patching security flaws and keeping bad actors out of the network. 

Finally, in an industry with as much turnover as retail, it’s important to consider the human element in network security. Security-smart retailers will combine routine cyber safety training for employees paired with regular updates to network permissions to ensure that employees only have access to the functions they need to fulfill their responsibilities. 

The most reliable networks provide more than just adequate security measures — they provide “always-on” availability. A P2PE solution (or any enterprise application or service) is only as good as the network connectivity. Complete outages may be rare, however slow application performance due to network congestion, latency, and packet loss occurs far more frequently and can be equally disruptive to the customer and employee in-store experience.  

When outages and congestion occur, a store can’t process payment transactions. This leads to lost sales in the moment and may negatively influence future sales. For that reason, networks with reliable backup that activates automatically in the event the primary connection fails can help to mitigate risk for retailers. Having a security provider that understands these important network reliability issues, who can integrate the failover solution into the security plan will ensure that the high-availability components don’t reduce the overall security infrastructure. 

Finally, maintaining whole-store security demands an agile and flexible network. The network is not a static entity; it must be designed to change and grow with a business. As cyber threats continue to evolve, a store’s cyber defenses should similarly adapt. Artificial intelligence (AI) and machine learning (ML) technologies dramatically magnify a retailer’s ability to analyze data; and bringing in a managed services provider with AI/ML expertise will help focus limited internal IT resources where they will make the most difference in the business. 

A digital-dependent enterprise must be able to make business decisions without worrying that the network security infrastructure can’t protect or adapt easily to support the new environment. 

Just as retailers’ businesses are evolving, so must their approach to cybersecurity. Amid a constantly changing threat landscape, rising IT costs and lack of available cybersecurity professionals, providing whole-store cybersecurity is no easy task for the average retailer. One solution many retailers turn to is to partner with a managed security service provider (MSSP) to augment existing IT and security staff and provide the latest cybersecurity technology. 

MSSPs give retailers the freedom to scale their businesses and can ultimately lead to cybersecurity savings. Beyond providing greater security, this can also help retailers focus on what they do best: building meaningful customer relationships and securing sales.

— Tim Tang, Director of Enterprise Solutions, Hughes Network Systems