Examining how to protect your business data and your customers’ information requires looking beyond the normal operating procedures companies employ. Protecting sales with a variety of procedures is paramount to protecting not only your company’s reputation and sales but also your customers’ data. The problem I see with the last-minute measures being taken by companies and organizations is that these efforts try to give two-dimensional protection in a three-dimensional world.
The best way I can explain my version of two-dimensional protection is this: many companies are still using systems developed over the last few decades to protect parties that are known to the company or that have a relationship with it. Our new three-dimensional world allows buyers to be completely anonymous, and a buyer may use any identity they wish; you as the company need to either take their word for it or risk upsetting a potentially good customer. It used to be buyer beware; today’s world is turning into company beware.
Companies should consider the following. Personal and sensitive data should be stored on a system separate from the system(s) that are accessible to or used by parties outside the organization, or that company personnel use for normal internet access in their daily duties. This secondary system should have lockdown procedures that allow sensitive or personal data to be transferred to the system, but not from it, except to authorized personnel within the company. The lockdown should also restrict authorized personnel to accessing this information on separate system(s) that are not directly or indirectly connected to any outside system. Protection programs utilized by these systems need to base protection on each individual’s purchasing patterns and not on a general review of information that is deemed “looks like it is safe”.
Consumers and companies also need to take steps to protect themselves and should request automatic notification updates from the various financial institutions and credit card companies they use. Request notification when accounts are logged into, as well as when purchases or other transactions are above specific amounts or fall outside normal purchasing patterns. For some parties this may involve receiving a number of notifications per day, and my recommendation is not to just glance at them or ignore them. If a financial institution or credit card company is unable to supply this information to protect you, then consider either changing to another company or minimizing your use of it.
Fraud and data protection is a process that companies believe they are properly investing in until a loss occurs. Because of the many high-profile losses, more attention has been given to making systems safer. Unfortunately, data losses are still happening daily, and some losses are happening to the same companies multiple times.
The goal needs to be making the process and software program protect at a more granular level that does not affect the party making the purchase but still provides an extremely high level of fraud and data protection. As previously stated in this series, utilizing a multi-level and multi-dimensional system that also employs an automated secondary system to recognize anomalies in separate transactions has increased advantages in stopping fraudulent transactions, especially after a breach has occurred.
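To illustrate the difference between a general review and a check against individual purchasing patterns, here is an added example (not code from this series) that scores the same transactions with a single global amount limit and with a per-account baseline. The account names, amounts, `GLOBAL_LIMIT` and `MAD_CUTOFF` are constructed values and assumptions chosen for the illustration.

```python
from statistics import median

# Constructed purchase history per account (amounts in one currency).
HISTORY = {
    "acct-A": [12.0, 15.5, 9.9, 14.0, 11.2, 13.7, 10.5],               # small, frequent buyer
    "acct-B": [900.0, 1150.0, 980.0, 1020.0, 1100.0, 950.0, 1075.0],   # routinely large orders
}

GLOBAL_LIMIT = 1000.0  # assumed one-size-fits-all alert threshold
MAD_CUTOFF = 6.0       # assumed sensitivity: deviations from the account's norm
MIN_HISTORY = 5        # below this there is no usable baseline


def global_rule(amount):
    """General review: flag anything above one fixed amount."""
    return amount > GLOBAL_LIMIT


def baseline(amounts):
    """Robust centre and spread: median and median absolute deviation."""
    med = median(amounts)
    mad = median(abs(a - med) for a in amounts)
    return med, mad


def per_account_rule(account, amount, history=HISTORY):
    """Flag a purchase that falls outside this account's own pattern."""
    past = history.get(account, [])
    if len(past) < MIN_HISTORY:
        return True  # unknown buyer: route to the secondary review system
    med, mad = baseline(past)
    # Floor the spread so a very regular history does not flag tiny changes.
    spread = max(mad, 0.05 * med, 1.0)
    return abs(amount - med) / spread > MAD_CUTOFF


def review(transactions):
    """Return (account, amount, global_flag, per_account_flag) per transaction."""
    return [(acct, amt, global_rule(amt), per_account_rule(acct, amt))
            for acct, amt in transactions]


if __name__ == "__main__":
    # Constructed incoming transactions.
    incoming = [("acct-A", 450.0), ("acct-A", 13.2), ("acct-B", 1090.0), ("acct-C", 20.0)]
    for row in review(incoming):
        print("%-7s %8.2f  global=%-5s per-account=%s" % row)
```

The 450.00 purchase on `acct-A` passes the global limit but is far outside that account's pattern, while the 1090.00 purchase on `acct-B` trips the global limit even though it is normal for that buyer.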