What do Home Depot, Target, Neiman Marcus and Michaels have in common? Besides being major chain stores, all four suffered serious data breaches in the recent past that jeopardized their customers’ credit card information and brought tons of unwanted negative publicity in the media. If large, well-resourced corporations like these can fall victim to a data breach, what chance does a small business like yours have in fighting off cyber criminals and identity thieves? You might be surprised!
The 2014 Cost of a Data Breach Study global analysis from the Ponemon Institute reveals some eye-opening statistics, including:
- The average total cost per company that reported a breach was $3.5 million, up 15 percent from the previous year.
- In most countries, the primary root cause of the data breach — and most costly — is a malicious insider or criminal attack.
- Companies estimate that they will be dealing with an average of 17 malicious codes each month and 12 sustained probes each month.
- Reputational damage and the loss of customer loyalty impact most seriously on the bottom line, requiring companies to spend heavily to regain their brand image and acquire new customers in the aftermath of a data breach.
There are a number of steps you can take to lessen the risk that your small business will become another data breach statistic. For starters, focus on secure credit card processing.
First, choose to deal with an experienced credit card processor who is up on all the latest secure encryption technology. Encryption helps ensure uninterrupted protection of the confidentiality and integrity of transmitted credit and debit card data by encoding it at its starting point (the card swipe or POS) and decoding it at its destination (the credit card processor). Encrypted cardholder data in no way resembles the original cardholder data, so if it is intercepted by data thieves during transmission it is useless to them.
Next, be sure to ask if the payment processing software provided by your processor is compliant with both the Payment Application Data Security Standard (PA-DSS) and the Payment Card Industry Data Security Standard (PCI-DSS). PCI compliance is particularly important because it demonstrates that a processor adheres to established industry standards for securing payment card information.
Never store payment card numbers at your business. This should be the domain of your processor. Stored credit card data is one of the biggest risks in PCI compliance.
Monitor all payment card transactions and keep detailed records, which can help you identify the weak link if a breach occurs. This has numerous advantages, including catching the criminals, minimizing the number of customers affected and determining the lapses in security that need to be addressed.
Finally, train your employees to spot red flags that may indicate a breach in progress. For example, they should be alert to any physical tampering with PIN pads or card terminals, a tactic commonly used by data thieves to steal valuable account information that can be used to make unauthorized purchases or to create bogus credit cards to sell or use.
Maintaining a defensive position against hackers and identity thieves is a business owner’s best approach to preventing fraud. Working with a reputable, PCI-compliant credit card processor like TransFirst® should be your first step.