According to the Identity Theft Resource Center’s (ITRC) yearly breach list, there were 781 reported breaches in 2015 and 1,093 in 2016. The number of data breaches tracked through June 30, 2017 hit a half-year record high of 791, a jump of 29 percent over 2016 figures during the same period. At this pace, ITRC anticipates that the number of breaches could reach 1,500 in 2017, a 37 percent annual increase over 2016.1 The average total cost of a data breach is now $4 million, with a cost per stolen record of $158. This marks a 29 percent increase in total cost per breach since 2013.2
As the numbers on data breach statistics continue to rise, it is clear a new approach to data security is needed if organizations want to stay ahead of the attackers and more effectively protect their data, customer information, and bottom lines.
One clear place to start is with point of sale (POS) payment devices. These systems are vulnerable because they allow direct cardholder interaction, sometimes in an unattended setting, which poses data security challenges. The usage and operational modes of the machine and its software need to be appropriately constrained to just the tasks that are necessary to perform a transaction. Precautions must be taken to reduce the chance of data being stolen, copied, fraudulently entered, etc.