Big data is one of the most exciting technological trends to hit the payments market. While it might just sound like a new enterprise IT buzz phrase, in reality, it is much more than that. Big data promises to revolutionize the way merchants conduct business on almost every level, offering benefits with respect to marketing, sales, customer service, IT security, fraud prevention and – most importantly – the bottom line.
Merchants are in a unique position with big data since their organizations are founded on the collection of consumer data. Their payment processing environments are virtually treasure troves of information on purchase history and shopping behaviors. Better yet, Paymentssource contributor Sean O'Dowd explained that merchants can leverage big data to improve their services, allowing them "to provide payments anytime and anywhere."
"Big data means big money for merchants."
In short, big data means big money for merchants, banks, retailers and other organizations in the payments sector. According to Accenture, 89 percent of businesses said that this trend will have an effect on corporate operations similar to that of the Internet in the 1990s – it will revolutionize the way the world works. Merchants will be able to uncover and predict consumer behaviors, find and optimize the greatest marketing strategies, and identify and solve the most difficult corporate problems.
While big data shows great promise, stores of large quantities of information – also known as data lakes – will be huge targets for hackers, especially when a lot of the data within these environments is personally identifiable. In essence, data lakes represent the best of the best information, taking data from from all aspects of organizations and putting it a single location. Therefore, big data environments hosting payment card, personally identifiable and other sensitive information need to be as secure as possible.
The complexity of big data security
Unfortunately for merchants, securing big data isn't easy. The nature of big data makes protecting it very complex. For example, the three Vs of big data make those environments unique:
- Volume: IBM estimated that the world collectively makes 2.5 quintillion bytes of data every day, while the average enterprise stores around 100 terabytes of information. Of course, these numbers are growing exponentially, especially as merchants come to realize that there is value to be extracted from almost every facet of data. IBM said that by 2020, the amount of data in the world will be 300 times what was in 2005.
- Variety: Big data is collected from so many different sources – from social media to card swipes – making it difficult to identify which data should be protected. As consumers start to use wearable technology, data sources will rapidly increase. Furthermore, more systems are given access to big data every day, since it is valuable for so many different business needs.
- Velocity: Analyzing big data in real-time is critical to the success of these projects, but it also introduces data protection problems. How fast can security solutions encrypt information? They need to be as quick at protecting data as possible.
Then, merchants must consider the logistical and technological challenges of securing big data environments. The Cloud Security Alliance highlighted some of the greatest hurdles that businesses need to clear.
First, there is the infrastructure. The systems that create, process, send, receive, store and analyze big data must be secured with traditional security approaches, such as fortifying them with firewalls, but they also need to be patched. For example, ERPScan reported that SAP released 29 security patches in just one update, and many of them plugged vulnerabilities in the SAP HANA big data platform.
The CSA also pointed out that privacy is a major challenge in regard to big data. Merchants need to implement new strategies that allow employees to leverage big data and insights without sacrificing the privacy of consumers. Furthermore, who is using big data systems matters, as well as who is collecting that information.
Wanted: A data-centric solution
Perhaps the biggest big data security problem is that merchants are stuck in the past. According to Gartner, businesses need to adopt data-centric security approaches if they ever hope to protect these environments. However, over 80 percent of companies cannot secure big data across their various IT silos with a single policy, the source reported. It's because the focus is on network security, not data-centric strategies, even though a secured perimeter doesn't mean protected data assets.
The best data-centric approach to big data security lies in cryptography. That said, CSA explained that traditional encryption is a challenge: It makes data discoverability difficult and public keys present some risk. Therefore, merchants should turn to cryptographic technologies such as tokenization.
Tokenizing big data
Dave Fortney, senior vice president of product development and management at The Clearing House, told Computerworld that tokenization of payment card information and other data contained in the typical big data environments ensures that merchants do not need to adjust their current payment processing solutions. It's because tokens essentially replace sensitive information from the moment it is created when a card is swiped.
"Tokenization helps merchants remove compliance scope."
More importantly, tokenization helps merchants limit compliance scope. Big data environments won't necessarily require payment card data specifically, so this approach ensures that information can be analyzed without putting consumers' personal data at risk. Tokenization will be particularly useful in two cases: when payment processing is done in the cloud and if merchants use cloud-based analytics platforms. Businesses can rest assured knowing that even if there is a data breach, their data is obfuscated and the keys to unlock that information are secure in another location – digitally or physically.
Big data stands to be one of the most powerful technologies of the 21st century. It can usher in a new era of artificial intelligence, it can make make communities safer and it can help reduce fraud. In that regard, merchants cannot ignore big data. That also means that they must get better at securing it. If they don't, the big data trend can end before it even reaches half of its potential.