In the wake of numerous recent merchant data breaches, the National Retail Federation is making a push for the adoption of EMV “chip and PIN” cards in the U.S., and merchants will need to start updating point-of-sale (POS) equipment. However, EMV alone does not ensure that payment data is fully protected, and until magnetic stripe cards are retired for good, merchants like you need to consider a multi-layered approach for protecting the sensitive cardholder data that customers entrust you with every business day.
Did you know it’s possible for your business to experience a serious data breach even if you do not store cardholder data after a transaction? Cyber criminals have become quite adept at breaking into merchants’ POS systems that capture and forward electronic payments. Today’s attacks have become quite sophisticated, and criminals have found many points where data passing through your system is vulnerable to theft.
Magnetic stripe data is an attractive and frequent target of fraudsters. Stolen data can easily be printed onto other plastic cards and used elsewhere to make swiped card payments. Data thieves target small businesses in the hope and expectation that card security will be lax. Unfortunately, they are often right. According to Trustwave research, 90% of data breaches impact small merchants. A 2012 Trustwave security report indicates that Retail (45%), Food and Beverage (24%), and Hospitality (9%) are the top three compromised industries¹.
Have you ever thought about what it would mean to your business if a payment data breach were to happen? In fact, a breach doesn’t even have to be confirmed but simply suspected in order to turn your business upside down. While the financial costs can be high, even the non-monetary consequences of a data breach can be quite damaging.
It’s very rare for a small merchant to discover for itself that payment data has been stolen. Most events are detected by a law enforcement agency or a third party such as a bank or a card association that has begun to notice a rise in fraud that can be traced back to a specific merchant. When a breach of payment data is reported (or even suspected), it kicks off a series of unavoidable and costly actions that range from forensic analysis of the merchant’s payment system to mandatory reporting requirements.
If your business is unfortunate enough to have this happen, you can expect to incur significant expenses. For example, the cost of a data breach for a small business merchant averages $36,000 and can reach or exceed $50,000². Your actual out-of-pocket cost will depend on the following factors:
And these are just the direct costs of experiencing a data breach! There are indirect non-monetary consequences that can be just as or even more damaging to your business.
The out-of-pocket expenses listed above are just the start of your headache. Consider how else your business is likely to be affected.
Regardless of the cause of the breach, your company shouldn’t even think about claiming to be a “victim” in the breach. Consumers aren’t likely to see your company as a victim if their own data has been put at risk. According to Visa, from a consumer’s perspective, the issue is relatively simple: “I gave my information to you, you exposed/lost it, and it’s your fault. Period.”⁸
Data theft processes evolve quickly, and your approach to security needs to keep up. The best way to protect your business is with a thorough and ongoing data security program. A little preventative work goes a long way, so check with your payments provider on whether they are armed with solutions that will help protect you and your customers.
First Data has a range of security solutions for merchants. Talk to your First Data Business Consultant to learn about affordable, easy-to-deploy security solutions that can mitigate potential cyber attacks and secure your customers’ transactions from start to finish.
Post Source: First Data Market Insight
1. Trustwave SpiderLabs, “Trustwave Global Security Report 2012”
2. Robert Halsey, “The Real Cost of Data Breach,” published on www.PCIcomplianceguide.org, April 2009
3. Chris Novak, Managing Principal, Verizon Business, “Crisis Data Breach Response: Computer Forensic Services” posted on August 27, 2012
4. “Data breach costs UNC nearly $80,000,” February 26, 2014
5. Verizon RISK Team, “Verizon 2012 Data Breach Investigations Report”
6. Ponemon Institute for ID Experts, “The Consumer’s Report Card on Data Breach Notification,” survey of 1,795 U.S. adults, April 2008
7. “Reputation Impact of a Data Breach,” U.S. Study of Executives & Managers, Ponemon Institute Research Report, Sponsored by Experian Data Breach Resolution and independently conducted by Ponemon Institute LLC, November 2011
8. “Responding to a Data Breach: Communication Guidelines for Merchants,” Visa, Inc., 2008