With Costs of Data Breaches Escalating, Banks Need Better Token Tools

One of the most unsettling scenarios for any bank board to consider is the prospect of someday seeing images of its brand and branches splashed across screaming headlines following a data breach.

The unfortunate reality is that for many financial institutions, it is not a question of if it will be breached by hackers, but when.

The average cost of a data breach has grown to $4 million, representing a 29 percent increase since 2013, according to “Cost of Data Breach Study: United States,” Ponemon Institute, June 2016. Moreover, that cost was much higher for financial services companies, a stunning $7 million.

The study also found cybersecurity incidents continue to increase, both in terms of volume and sophistication, with 64 percent more security incidents reported year-over-year. Increases were also reported on average cost per lost /stolen record ($221) and average record count per breach (29,611).

Tips to Tap Tokenization to Help Safeguard Card Data

Banks that invest in the right tools can help protect their customers and preserve portfolio profitability.  

By leveraging the latest in tokenization technology, an institution issuing credit, debit and/or retail cards can improve security by eliminating use of card-holders’ Primary Account Number (PAN) within systems/files or transactions.


Interested in Tokenization?
Request a briefing now.

Learn More

Let’s face it, storing customer credit and debit card numbers exposes issuers to potential data breaches. By replacing sensitive card data with non-transactional tokens the institution can retain the essential data, while enhancing security. This can help your institution:

Avoid the Costs of Security Breaches – Buyer Beware! No one can entirely safeguard your institution from security breaches. However, tokenization can at least help reduce the consequences of a breach, such as:

  • Loss of existing customers
  • Decline in new acquisitions
  • Disputed transactions
  • Card replacement
  • Increased labor to field customer inquiries
  • Legal fees
  • Credit counseling for affected customers
  • Promotional campaigns to rebuild trust

Limit Your Exposure to Malicious Attacks – According to the recent “3rd Annual Underground Hacker Markets Report,” by SecureWorks, rates for data from premium credit cards ranged from $30 to $80 on the black market. Eliminating the PAN reduces the value/demand for your data which in turn reduces malicious attacks. Whether a breach is caused by human error, system glitch or malicious attack the ability to use a token to transact reduces the risk exposure after a breach. 

Reduce the Complexity of PCI Compliance – Replacing your card-holders’ primary account number (PAN) with non-transactional tokens in reports and files eliminates storing live account numbers in non-secure environments and therefore reduces PCI DSS compliance scope. (Payment Card Industry Data Security Standard applies to companies of any size that accept credit card payments. If your company intends to accept card payment, and store, process and transmit cardholder data, you need to host your data securely with a PCI compliant hosting provider).

The reality is that hackers are determined to do whatever it takes to attack our financial institutions and victimize you and your cardholders.

But know there are also teams on the front lines and in the trenches, including some very talented security experts here at First Data, just as determined to better prepare your institution for these assaults.  

INTERESTED IN TOKENIZATION? Want to learn how you can add the latest tokenization tools and fraud management solutions? Request a free briefing with one of our Security & Fraud Management Solutions Specialists.