Take a guess at how many small businesses in the United States have been victims of a data breach—4 million…8 million…12 million? Would you believe the number is even higher? According to the 2016 State of SMB Cybersecurity Report, 14 million U.S. small businesses have been breached.
You may think that a cyber hacker wouldn’t be interested in stealing data from your small business, that only large merchants get hacked. In reality, the opposite is true. Security experts agree that hackers target small businesses because of their size – and because they’re less likely to have the time and resources to sufficiently protect their data and systems. Small businesses are the target of 62 percent of all data breaches, which breaks down to about 4,000 each day.
Shoppers taking security more seriously than ever
Even if you don’t think your small business is at risk for a cyber breach, your customers are certainly wary of the risk. According to a recent Vantiv survey, 29 percent of customers think it is likely their card data will be stolen as a result of a data breach within the next two to three years. While 75 percent of shoppers think that responsibility for a data breach lies with the card issuer, more shoppers now place responsibility for fraud protection on the merchant than did two years ago (64 percent vs. 44 percent).
While it’s true that arming your business systems with adequate data security measures takes time and resources, the risks of leaving yourself unprotected are far greater – including putting you out of business completely. According to the U.S. National Cyber Security Alliance, a full 60 percent of small businesses close within six months of falling victim to a data breach.
Industries at highest risk of a breach
Regardless of which industry you’re in, your business may be at risk for a cyber hack. However, the retail and hospitality industries are at greatest risk, at 23 percent and 14 percent, respectively. Vantiv research found that 24 percent of consumers have been the victim of a security breach at a retailer or restaurant they have recently patronized. Unfortunately, it doesn’t seem that U.S. retailers are learning from their past mistakes, since more than half of businesses that experience a data breach have already experienced a past breach.
Any way you slice it, these statistics are scary for retailers and customers alike. Let’s take a look at some ways you can protect your payment data and prevent your business from becoming a statistic.
Your must-have data security toolkit
Let’s start by evaluating the tools in your breach prevention toolkit. Do you have a toolkit in place and, if so, does it contain the right tools for the job? A comprehensive breach toolkit should include solutions to help prevent a breach and tools that can help mitigate the financial impact on your business should a breach occur. We recommend the following five components:
- EMV technology so your business is equipped to accept the newer chip cards for more secure card-present transactions.
- Encryption and tokenization tools to safeguard customer data before, during, and after a transaction is processed through your systems.
- Anti-fraud services to proactively address security threats and minimize issues before they occur.
- PCI compliance assistance to effectively secure your payments systems and comply with industry standards.
- Breach protection to cover your business financially in the event of a breach.
One thing to look for in a leading breach toolkit is a single provider that offers all of these components together. If you sign up for your fraud services through various providers, your fraud protection strategy will be difficult to manage and potentially more vulnerable.
Best practices to follow
Although the tools covered above are invaluable and necessary, they are not enough on their own to protect your customers’ payment data. You also need to adhere to best practices when it comes to detecting fraud. Because each dollar of fraud costs U.S. merchants more than twice that amount, you can’t afford not to follow best practices.
Check out three common fraud scenarios, along with best practices you should follow to avoid falling prey:
- Wire fraud: Your customer overpays for a large order, and then requests that you wire the overpayment amount to them or someone else. But the sale ends up not going through, and you lose that money. Best practice: Never agree to wire money to anyone – even if not doing so means potentially losing a big sale. It’s just not worth the risk.
- Force auth fraud: After their card is declined, a customer requests that you force an authorization by using a phony auth code. This results in a chargeback for which your business is liable. Best practice: Never force a sale using a “code” from a customer, and always follow the standard steps for securely processing all transactions.
- Gift card fraud: A customer returns stolen goods in exchange for a gift card at your location. Best practice: Always require a receipt and a photo ID before you process returns.
Following these best practices – along with being aware of the red flags of suspicious customer behavior – can protect your customers and your business. Always keep records of signed sales drafts and be timely about issuing refunds. What’s more, be transparent about your security practices upfront. Your customers will feel better knowing you are working hard to protect their valuable payments data.
Keeping a watchful eye on your security
Once you have a security protocol in place, you’ll need to take steps to continually monitor your customer payments. This involves:
- Running quarterly scans to detect system vulnerabilities. As one requirement of the PCI-DSS standards, you must run regular scans of your systems. These automated, non-intrusive scans check your network and web applications from an external IP address to identify potential points of weakness that a would-be hacker could use to access your systems.
- Implementing business intelligence tools. Robust BI tools can empower you with the knowledge and insight you need to make needed adjustments in your security system. For example, if your customers are raising concerns on social media about your company’s data security practices, you’ll know right away and can proactively address the complaints before they negatively impact your brand.
- Developing a proactive plan to deal with a breach. If disaster strikes and your business does suffer a breach, having a plan to follow up with your customers will go a long way to help rebuild consumer confidence. Notifying your customers that a breach occurred and that they may have been impacted is common practice, with only 22 percent of consumers who were victims of a data breach reporting that the breached merchant did nothing to notify them of the breach. You may want to think about how you’ll notify your customers – via a phone call, letter, or email – and about offering to pay for credit and identity theft monitoring services for a certain period of time after the breach.
It’s all about consumer confidence
Whatever type of business you’re in, your customers need to know their credit card data will be safe when they do business with you. You want to do everything you can to make sure your business and your profits are protected from potential damage caused by data breaches and fraudulent transactions.
Here’s the good news: you don’t have to be an expert in the payments industry and payments security to effectively safeguard your business. Partner with a trusted, experienced processor like Vantiv and you can feel confident your systems will be protected by the best in the business. From card data security to PCI compliance and fraud protection, contact us today to learn more about how you can reduce your risk and build consumer confidence in your payments – so you can sell more and worry less.