It is estimated that there were more than 570 million credit cards in use in the U.S., averaging 1.7 credit cards per citizen. Worldwide, the volume of cashless transactions in 2022 totaled around $1.157 billion USD, and the trend is rising. This means that the number of fraud attempts on cashless payments is also increasing. According to the 2022 Nilson Report, losses due to card fraud amounted to $32.34 billion USD in 2021. This makes it all the more important to develop and constantly monitor the hardware and software used in payment transactions.
There are also impressive facts on cybercrime: in 2022, the damage caused by cybercrime worldwide and in all sectors was estimated at $8 trillion USD. For example, 310 million internet users suffered a breach of their accounts in 2022. Of particular importance to retailers, 24% of cyberattacks targeted retailers, which is more than any other industry. Yet 99% of retail cyberattacks are financially motivated.
As a result of these troubling statistics, commercial businesses are required to regulate the personal data of their shoppers. This requirement can be challenging as retailers often work with many partners that use data to enhance customer service, like solution providers that work to improve fraud protection, personalization and more.
Let’s discuss how data privacy impacts the retail industry and how GK helps protect its retailer partners.
Safety is doubly important in the retail industry
While the above facts demonstrate the urgent need to minimize the risk of attack and potential damage, it is also a legal requirement for commercial enterprises. The General Data Protection Regulation (GDPR) of the European Union ("EU 2016/679"), regulates the processing of personal data of individuals, companies or organizations in the EU. In addition, the NIS2 - Directive is newly significant, which ensures a high common level of cybersecurity in the European Union (2023). Companies designated by Member States as operators of essential services in the above-mentioned sectors must take appropriate security measures and inform the competent national authorities of serious incidents.
Fines of up to €10 million or 2% of global revenue are possible for data protection violations. Between 2018 and 2022, GDPR fines in Europe cumulatively amounted to over €2.381 billion. Additionally, retailers and retail technology vendors must maintain compliance with ever-changing privacy laws across the U.S. states in which they conduct business. In fact, the National Conference of State Legislatures reported that, “at least 25 states and Puerto Rico introduced or considered almost 140 consumer privacy bills in 2023.” These laws are in reaction to the landmark California Privacy Rights Act (CCPA), which regulates how businesses collect, maintain and sell personal information of consumers within the state.
In the future, in addition to the high penalties due to data breaches (GDPR), there will also be high penalties for non-compliance with security measures (NIS2). Merchants and service providers must therefore prove that they apply the highest possible security standards; in the case of GK OmniPOS, this is done via the PCI Software Lifecycle Standard.
GK certifications for OmniPOS and TransAction+ showcase a commitment to customer security
Every day, around four million transactions take place with GK OmniPOS at more than 120,000 systems worldwide, and a large number are paid for with cards. This is reason enough to rely on the highest security standards in our software. These range from a standardized security training system for our employees to detailed software security documentation.
The Payment Card Industry (PCI)Payment Card Industry (PCI) Data Security Standard is a set of rules in payment transactions that relates to the processing of credit card transactions and is supported by all major credit card organizations. The protection of payment data is a top priority for payment software providers; with certifications according to the Software Security Framework (SSF), they prove that both the payment software and its development processes meet the highest, comprehensive security requirements.
The overall PCI Security Framework comprises two standards: The Secure Software Standard (SSS), which includes core requirements related to payment applications, and the Secure Software Life Cycle Standard (PCI SLC). Both programs focus on different aspects of software security validation. Payment software validation under SSS ensures secure application development in accordance with industry best standards and practices. Accordingly, SSS validates the overall effectiveness of the software to protect the integrity of the software and the confidentiality of the sensitive data it stores, processes and transmits. PCI Secure Software Life Cycle starts elsewhere, as this validation ensures that the software development process, methodology and practices of the software provider are secure and integrated into the complete software life cycle.
GK OmniPOS has carried the PCI SLC since April 2023 after an extensive testing process; GK OmniPOS had already passed the PCI SSS the previous year. The PCI Secure Software Life Cycle Version 1.1. security certificate confirms that the GK OmniPOS standard product is secure for payment transactions, while reducing risk or vulnerabilities by building strong defenses against attacks. The technology and the design and maintenance of the software solution is secure throughout the software lifecycle.
In addition, GK’s TransAction+ (T+) payment solution, sold in both the United States and Canada, has also previously received the PCI SSF certification. This recognition demonstrates that TransAction+ is a safe payment solution that prevents data vulnerabilities and protects all sensitive information related to a transaction. The presence of this certification and the PCI SSS framework certified to OmniPOS highlight GK’s ongoing commitment to offering secure, best-in-class solutions for its customers.
Proof of security for future versions of GK OmniPOS
The validation process was supported by the accredited auditor usd AG, which accompanied the audit over the last two and a half years and went through the development work with adjustments to the source code, the documentation and revisions as well as the final audit by the PCI Council with GK. With the PCI Secure Software Life Cycle certification, GK ensures the continuous maintenance of the validation of its software, and it is proven that GK can offer "SSF-compliant" new software versions.
Benefits of PCI compliance with GK OmniPOS:
- Confirmation of the highest security standards for the use of the solution GK OmniPOS
- Reducing the risk of high penalties due to data breaches
- Reducing the impact of security vulnerabilities occurring in the future
- Easier integration of applications for GK customers who are PCI DSS certified
- Quickly share information with customers to mitigate security vulnerabilities that may arise in the future
- Prioritized remediation of future security vulnerabilities and coordinated delivery of security updates
- Higher quality of applications through continuous security analyses of the software and continuous employee training
- Identity theft and credit card fraud risk management
- Increasing the protection of customer data
- Reducing the risk of negative effects on cash flow
Would you like to learn more? Please feel free to contact us.