Super Bowl Payments Fraud Requires a New Defensive Gameplan

Register now

Super Bowl attendees are predicted to spend an average of $82.19 on food, decor, team apparel and more, up from $77.88 last year. Total spending for Super Bowl 50 is expected to top a whopping $15.5 billion.

While this can be a great profit driver for businesses, it also leaves them vulnerable to a variety of data breach schemes, which can greatly undermine customer loyalty and their bottom line.

Payment providers are like the right and left guards of a football team’s offensive line. We protect businesses from all sides so criminals can’t make a tackle and hack into their systems. Here are a couple of ways that we can stand on the line of scrimmage and provide the best possible defense of Super Bowl proportions for our customers.

Add a Strong Line of Defense to Accepting Payments.

Businesses know that accepting payments is mission-critical to making it easy for customers to do business with them. The point of sale (POS) device – whether it’s a terminal, tablet or mobile phone even – makes all card transactions possible, but that means multiple points of entry for hackers too. Consider this scenario: The biggest Broncos fan shows up at Levi’s Stadium and buys beer and nachos from one vendor, a foam finger elsewhere and a t-shirt from someone else. The business owners reap the rewards of the sales; meanwhile, criminals score a touchdown if they can access anyone one of those merchant’s terminals and score the cardholders’ data.

As we in the industry know, cyber criminals have become more sophisticated in their attacks. The best way to secure data includes a combination of technologies that protects cardholder data from the time a customer swipes his/her card all the way until the transaction is complete. This layered approach is recommended by Elavon for businesses of all sizes.

So, what does a layered approach look like? The following play calls should look familiar.  

End-to-end encryption ensures sensitive information requires a “key,” or a constantly changing numerical code to access. Data that’s in transit between a POS system and processing locations is scrambled, making it illegible until it reaches an end point. However, effective management of encryption key access is a crucial step in keeping customer information secure.

Tokenization is another element to card security methods. With tokenization, after being tendered, customer’s card information goes to a third-party payment gateway. That information is then turned into a “token” – useless for parties besides the merchant and payment gateway, due to imposed boundaries. In other words, hackers can’t duplicate a token to purchase things elsewhere.

EMV, which you are probably familiar with by now, has been used worldwide for years and has finally been rolled out in the United States. EMV technology essentially reads advanced algorithms contained on chip cards to authenticate that the card is not counterfeit.

Don’t Fumble the Technology: Proper Handling of Human Error.

While secured or unsecured technology can be a major player when it comes to breaches, businesses also need to evaluate the role of human error in security attacks. When game day comes and fans start to get chaotic, there’s an opportunity for human error– especially at the stadium. According to IBM’s 2014 Cyber Security Intelligence Index, 95% of all security incidents involved human error throughout 2014.This could happen in numerous ways (i.e., system misconfiguration, sharing sensitive passwords, leaving POS systems unattended, etc.). So how can businesses mitigate the risk of human error? Here are a few defensive plays.

Implement automated safeguards such as cryptography or password management – this gives businesses the ability to store passwords as encrypted data similar to cardholder encryption.

Educate employees through general awareness security training – it’s always a good idea for businesses to educate new and current employees on ways to keep the business safe, whether it’s a stadium restaurant, beverage vendor or a team memorabilia shop.

Develop a strong security posture and incident response plan – being prepared is always a good thing so businesses should always have a list of things to do in the event of a breach, including reaching out to their payments processor as soon as possible.

Conduct security audits, internal control and system monitoring to help mitigate the consequences of error – these preventative measures may sound expensive, but they are a great way to prevent a data breach, which could easily cost much more.

In the end, there is no perfect detection and prevention technology for everyone. However, with the appropriate policies, technology and education, merchants can dramatically decrease their odds of having customer information breached. Fans want to celebrate the big game and have some good old-fashioned fun. The only thing they should be worried about is their team’s defense – not if their card information was stolen after buying those game face tattoos and bobble heads at the stadium store.

Guy Harris is president of Elavon North America.

For reprint and licensing requests for this article, click here.