Next week in Las Vegas the PCI Security Standards Council is hosting a community meeting that will bring together some of the world’s foremost experts on payment card cybersecurity. This event, the most extensive of its kind in Las Vegas, will be a gathering place for cybersecurity experts to share ideas, highlight best practices and discuss potential threats from cybercriminals.
This gathering is especially important for Las Vegas, the hospitality capital of the world with more than 42 million visitors last year. Las Vegas holds more than 21,000 conventions a year that attract nearly 6 million convention delegates and attendees. That is a lot of hotel rooms and restaurant reservations.
Looming over all this are cybercriminals who specifically target the hospitality industry. The hospitality and restaurant industries in particular, are high-value targets for cybercriminals. In addition to larger brands, cybercriminals are now finding it easier to target multiple small restaurants. In fact, nearly half of cyberattacks worldwide in 2015 were against small businesses with fewer than 250 workers.
Restaurateurs are not technology experts. It is for this reason the PCI Security Standards Council and the National Restaurant Association have partnered to create the Small Merchant Taskforce, which raises payment card security awareness for the hospitality industry, especially smaller businesses.
The cost of cybercrime is on the rise around the globe. According to a study by the Ponemon Institute, the average consolidated total cost of a data breach is now $3.8 billion, representing a double-digit increase in recent years. In the United States, the country hardest hit by cybercrime, the average cost of a computer breach is now $6.5 million, well ahead of the global average.
Stealing our personal and payment information is something cybercriminals do over breakfast. Some are individuals, but more often many attackers are part of organized crime syndicates. For the global economy, cybercrime is one of the greatest collective threats of our time.
It might come as a surprise to many that almost all of the headline-grabbing payment card data breaches we’ve seen over the past few years were entirely preventable. Most breaches involving credit card data have been neither sophisticated nor “new.” A study by Verizon stated that 99 percent of breaches in 2014 were caused by known vulnerabilities with fixable patches.
The good news is we know what works for protecting data and what doesn’t. Strong security protection principles that involve people, process and technology all working together in an atmosphere that prioritizes data security are vital for all of us to protect ourselves, our families and our companies.
So what actions can we take today to protect ourselves and our customers? For starters, many companies need to change the way they view security and make it a 24/7 priority. Data security must be deeply ingrained into an organization’s culture, not layered like frosting on a cake but baked in from the start.
Given the sheer number of data breaches over the past several years, more and more restaurants are making cybersecurity a greater priority by investing in technology, training and staff. Restaurants are installing payment systems that take advantage of EMV chip technology as well as the more sophisticated security technologies.
The Las Vegas hospitality industry is a shining example of an industry that makes payment security a high priority. Restaurants take cybersecurity as seriously as they take food safety and customer satisfaction. However, we rely on banks, credit card companies and those who develop and maintain the payment ecosystem to put secure systems in place. That is why the National Restaurant Association, PCI and our partners are working together to educate our members, find solutions to prevent cybercrime and ensure our work-force and our patrons’ data remains secure.
Stephen W. Orfei is general manager of PCI Security Standards Council. Sam Facchini is co-owner of Metro Pizza and treasurer of the National Restaurant Association Education Foundation.