Retailer overhauls web server security with tokenization and SSL
Retailers have been facing increased scrutiny with regard to protecting sensitive information. The growing popularity of online shopping means that more credit card numbers are making their way onto eCommerce services, but a single data breach can break consumer trust in the brand as well as result in financial penalties.
Encryption is often the go-to method of protecting information at the data level. It ensures that a hacker who breaches the system wouldn't be able to read the digital payload. However, the large number of disparate systems can make it difficult to determine where sensitive data is stored and which information is vulnerable. To address this problem, Crutchfield Corp overhauled its system, consolidating sensitive information to fewer servers rather than have it spread throughout the company's IT environment. Internet Retailer Associate Editor Amy Dusto reported that this makes it easier to prioritize and safeguard credit and debit card numbers.
After completing the overhaul, Dusto noted, Crutchfield will only have sensitive data stored on 10 percent of its servers. The company also plans to use tokenization to protect data at rest rather than rely solely on traditional encryption. The new software uses a string of random numbers and letters that take the place of 16-digit payment data, making the information look less important. In addition to randomly generated character strings for individual numbers, the software tokenizes the table of data itself so that only Crutchfield's servers can match the random strings to the data they're associated with. In addition to focusing on its storage infrastructure, the company has improved its efforts to protect customer data as it is sent over the web.
"Each of those servers is located in a separate, physically secured data center with extremely limited internet access - they are only allowed highly restricted connections to certain applications to gather card data, which is secure socket layer (SSL) encrypted until it reaches the server," Dusto explained.
Improving ROI with SSL certificates
Although implementing safeguards such as SSL certificates is typically considered a risk avoidance measure, it may increase revenue for eCommerce businesses. Research highlighted by Monetate's Eric Miller found that 21 percent of consumers that abandon online shopping carts do so because of security concerns. Posting badges such as a thawte trusted seal on the website can address these fears and encourage online shoppers to complete their orders.
Get your SSL certificate today to protect sensitive data and build trust with customers.