We’re only a few months into 2018, and already more major data breaches are coming to light. A security research company recently discovered that hundreds of thousands of FedEx customers’ passports, driver’s licenses, and other identifying information were left unsecure and exposed.
A Close Call for FedEx
The data comes from FedEx Crossborder, a branch of the company that was closed in 2017, but according to ZDNet, FedEx is only partly to blame. The breach originates from a company named Bongo International. In 2014, FedEx purchased Bongo International and rebranded it as FedEx CrossBorder. Bongo’s data was stored on an unsecured Amazon S3 virtual server and included records from 2009 to 2012, making more than 100,000 sets of records vulnerable to cybercriminals.
Kromtech, a white hat research group, made the initial discovery and reported the breach to FedEx. According to FedEx spokesperson Jim McCluskey, FedEx was able to secure the information and they “found no indication that any information has been misappropriated.”
The Key to Keeping Your Data Secure
How can your organization avoid becoming the next corporate name making the news for not securing customer’s identifying data like FedEx or Equifax? The truth is that many security breaches are preventable, and one important way of safeguarding sensitive data is by investing in tokenization.
Tokenization is a security method that prevents data breaches by ensuring that credit card numbers, Social Security Numbers, and other sensitive information never traverses your organization’s system. Rather than allowing raw, unsecure information to enter your enterprise, when a field comes up for raw card number entry a tokenization solution will open a secure browser field, capture the number outside of the merchant’s ERP application, store it securely, and replace the raw data with a token.
These tokens act as surrogate values so that even if cyber thieves hack your data, the information is meaningless. Unlike encrypted credit card numbers, it’s impossible for hackers to reverse-engineer tokens. Meanwhile, the cardholder data is encrypted and stored, along with the encryption keys, in a secure, off-site location.
Not only does tokenization keep your data safer, it can also save you time and money when it comes to auditing. Tokenization can reduce the number of PCI compliance audit items by up to 60 percent. A payment environment that stores no raw Personal Account Number (PAN) information often qualifies for a Self Assessment Questionnaire (SAQ) C with only 139 questions, whereas payment systems that store sensitive data, even if encrypted, require an SAQ D with 326 questions.
Last but not least, tokenization not only protects your data—it protects your company’s reputation and your customers’ loyalty. According to the Ponemon Institute, a 2017 study revealed that the global average cost of a data breach is $3.6 million. This cost not only comes from fines and penalties, but also from a loss of valuable customers and brand value.
Is Your Data Safe from Breaches?
Make sure your sensitive data is secure with a solution from Paymetric, which was recently named a key global leader in tokenization. To learn more about our P2PE encryption solutions, contact a representative today.