Why considering proprietary cards is always worthwhile.
Many organisations understand the importance of securing cardholder data, and while that’s a noble and important aim, there is more that needs to be done to limit the risk associated with holding and storing additional card data.
When we talk about card data, we aren’t just talking about credit and debit cards. In fact, credit cards can be the tip of the iceberg – and by failing to address your whole card data ecosystem, there could be a big ‘ole chunk of ice lurking underneath the waves ready to spell disaster at any time.
That’s because many organisations fail to consider the damage proprietary cards (prop cards) could do. Whether it’s a customer loyalty card, transport card or specialised rewards program, unsecured prop cards can do damage.
One interesting feature of QuasarScan is that it can be configured to scan for a specific Bank Identification Number (BIN) range or for prop card numbers between 13 and 19 digits long. But why is it so important to scan for prop cards – and why can it be just as important to scan for prop cards as payment cards?
We will address those questions in the following article.
What real-life data is associated with the card?
First, it’s important to note that, in most cases, there is vulnerable personal and confidential information associated with prop cards. We’re talking about things like social security numbers, health information (e.g. mental or mobility issues), home addresses, phone numbers, passport numbers or driver’s licence numbers. That information, called Personally Identifiable Information (PII), represents a significant privacy risk if it were to be breached.
There’s a lot a hacker could do with a home address and passport number – so make sure your customers aren’t left vulnerable to identity theft because of your unsecured data.
Thankfully, QuasarScan can find and highlight areas for further investigation, which an organisation can then look at with other partners or experts, depending on the risk profile discovered by the scan.
What risk to your business does the information present?
As prop cards are generally associated with a specific industry or business, the risk of a data compromise is targeted squarely at that specific organisation. For this reason, it’s important to address and mitigate the risk by scanning for prop cards.
A leak of this information could have catastrophic consequences for businesses. Imagine you’re a big retailer with thousands of sticky, loyal customers. One data breach and those loyal customers could lose all trust in you – and poof – just like that, you’ve lost half of them to your rival.
Furthermore, a hack could result in heavy fines and significantly higher insurance costs. So, not only could you lose revenue and be forced to pour more resources into winning back the trust of customers, you could also face an increase in the cost of doing business – eroding profit margins at both ends.
Supporting your privacy obligations
Additionally, scanning for prop cards and uncovering unsecured PII is often a control that helps organisations support their privacy obligations. Whether you need to meet GDPR, the Australian Privacy Principles (APP), US privacy laws starting with the California Consumer Privacy Act (CCPA), or other standards, prop card scanning enables you to identify and de-risk the data you process.
Once you know what prop card data you hold, you can then encrypt, segment and delete it where appropriate. And remember, if you don’t need it, don’t store it!
Make sure to scan for prop cards
There are several big reasons why prop card scanning is recommended. Organisations should never lose sight of confidential information, and should remember that there is always a person at the end of it. That person has placed their information in your care, and would be the one who is personally impacted if their data fell into the wrong hands.
That can have several major consequences for you, be it huge fines, a massive loss of consumer confidence or the scary business impacts that would follow.
So, to sum up: don’t forget about prop cards – treat them as a vital part of compliance and you’ll be safe!