Most of us hear about the really big data breaches that hit large retailers, governments and health care facilities. They make national news when they occur. But what we don’t hear about are all the “little guys” who increasingly are becoming the targets of cyber thugs.
For a number of years the small and medium size businesses that accept cards as a form of payment were flying under the radar of the bad guys. But as large businesses have tightened up their card data handling procedures and bad guys are having a more difficult time hacking into their systems, the smaller companies have started to attract unwanted attention.
More and more of these smaller businesses are seeing hacking attempts and, in some unfortunate cases, successful theft of cardholder data. According to the U.S. Secret Service and Verizon Communications, Inc.’s audit unit, there were 761 known breaches in 2010, up from 141 in 2009. Of these, 63 percent (482) were from companies with 100 or fewer employees. Visa has estimated the majority (95 percent) of the data breaches it now handles are from small and medium size businesses.
A recent news story in the Wall Street Journal illustrated the negative impact that this could have on your business. In one case, a restaurant in Washington State ended up going out of business due the cost of the audit and expense of cleaning up the mess from its data breach.
In another case, a Chicago area newsstand hacked by someone using a Russian server ended up spending $22,000 on “investigations and security improvements.” The initial problem was traced back to weak password security.
In both of these cases, the businesses were very small compared to the data breaches you hear about on the evening news. Could your business, even in the best of times, absorb a $10,000–$20,000 hit to the bottom line?
Realizing that small businesses look to their processors for assistance, last year we started providing automatic insurance coverage for data breaches for all of our merchants. For merchants that process their credit card transactions with us, we provide $100,000 in insurance coverage per merchant identification number (MID) (with a maximum of $500,000) as part of their monthly statement fee.
This insurance will cover the audit, the fines from the card associations and the costs to reissue the cards that were compromised. If you aren’t using a processing solution that provides this coverage, you should either contact your insurance company to explore getting a policy that would cover you, or consider changing to a merchant processing solution that covers you for this type of event.
More and more large companies are “cleaning up their act” when it comes to protecting card data. While that’s good, it has moved small and medium size businesses into the bad guys’ crosshairs.
Are you protecting your data, and are you insured against a breach?
John Mayleben is Michigan Retailers Association senior vice president, technology and product development, and a national expert on electronic payment processing.