Protecting your business and your customers from a data breach in a technological world


Small retailers are the victims of 80% of all hacker attacks in the US.


Target, Neiman Marcus, Michaels, P.F. Chang’s, UPS, Jimmy John’s, Dairy Queen, Goodwill, Supervalu, Albertsons, The Home Depot, Staples, Anthem, NVIDIA, Morgan Stanley, Chick-fil-A, Sony, Microsoft Xbox, UC Berkeley, Shutterfly, Godiva, the United States Postal Service, Fidelity.


What do all of these businesses have in common?


They all suffered severe data breaches within the past year.


If you get your merchant processing statement and see a line under miscellaneous fees that looks like this: pci-non-compliance, then you can’t afford not to take a look at the security of your customers and business.


Why do breaches happen so frequently?


Technology has been the triumph of this era. We can now send information around the world in under a second. We can see our loved ones face to face from other sides of the planet with Skype or FaceTime. We can see any spot on the Earth using machines that we launched into space and orbit around our planet. We have aircraft that can fly around the world without a pilot, and even deliver supplies to a building in space.


Technology has been the weakness of this era. With every advance in technology and security, it seems as if there are those out there with malicious intent that remain one step ahead. More and more information exists on every person, and it is hard to maintain any privacy in our constantly evolving technological world.


The financial systems industry in our country is a prime example of this. The need to carry cash has been significantly decreased as we can use cards for essentially all our money needs. However, we have become susceptible to even more significant types of fraud.


It is almost impossible to operate a business successfully in this day and age without the ability to accept credit cards, debit cards, or any one of the other ways that we have in our world to transfer money.


Many of the solutions offered in today’s marketplace are relatively insecure. Magstripe, the magnetic strip that you see on the back of today’s credit and debit cards, was created more than 40 years ago. Four decades. Hackers are creating new malicious software every single day, and by the time that the security industry leaders in this country can come up with a solution, hackers have already invented some brand new malicious code to get around it. That process might take weeks, maybe a month.


If you use a credit card reader that doesn’t utilize tokenization, you are using technology from 40 years ago to transmit extremely private credit card or financial data. Oftentimes this credit card data is not even encrypted when it is stored in a point of sale system.


A breach couldn’t happen to me!


PCI has 4 categories of merchants: levels 1, 2, 3, and 4. For simplification, we will say that levels 1 and 2 are merchants that process more than 1 million card transactions per year in the US, and levels 3 and 4 process fewer than 1 million card transactions per year in the US.


2,000 – the number of level 1 and 2 merchants in the US.


5,000,000 – the number of level 3 and 4 merchants in the US.

This means that there are around 2,500 times as many level 3 and 4 merchants as level 1 and 2 merchants. The level 1 and 2 merchants are the most scrutinized and regulated by the PCI DSS, because it is a manageable group that represents a large amount of financial data. The PCI DSS does not have the resources to scrutinize the level 3 and 4 merchants, making them easy targets for hackers and breaches.

A full 47% of level 4 merchants are “unsure” or “unaware” of PCI DSS.

This means that the largest group of merchants in the US is unsure or unaware of security compliance regulations. This is a hacker’s biggest dream come true, right behind being handed the credit card information for every existing card in the United States of America.

I was grabbing breakfast at a great little spot here in Louisville, Kentucky, and I got a chance to speak with the owner of the restaurant. I was curious what an actual merchant thought about the security of his business and customers. To paraphrase him, “I just don’t think about it and pray that nothing happens. Obviously I care about the security of my business and customers, but I don’t know how to make it more secure!” This aligned perfectly with a recent statistic I read.

69% of merchants believe there is “little or no chance” that they would be the victim of a data breach.

Whoa, whoa, whoa, hold on a minute. Remember the statistic from the beginning of this post? Go and look at it again if you need to. If small retailers are the victims of 80% of hacker attacks in the US, and 69% believe there is little or no chance they would be the victim of a data breach, then small retailers are getting breached and exposing their financial data as well as their customers’, and they don’t even know it until it’s too late.

What are the ramifications for a breach?


As a merchant, it is your responsibility to ensure that your customers’ financial information is safe.


Despite PCI scrutiny, the data breach at Target will cost the retailer more than $1 billion.

Let’s look at some more statistics from the PCI about data breach costs.

$277 – the average cost to a merchant PER RECORD STOLEN.

There are several other costs associated with a breach when a merchant suffers one, things like:

  • 56% – Lost business
  • 26% – Remediation/Fines/Legal Fees
  • 11% – Notification of customers
  • 7% – Detection and escalation of breach

This amount of liability can force even the most successful small businesses to close their doors permanently and leave the owners rife with remaining financial burdens.

When you suffer a breach, you are directly responsible for:

  • Reimbursement of cardholder losses
  • Any costs associated with the notification of customers
  • Case management fees and penalties from card brand networks ranging from $5,000 to $500,000


Well, what can I do?


  • Know the facts and your responsibility and liabilities as a merchant.
  • Ask your merchant processor. Make sure that you pressure them and don’t let them feed you fluff. The security of your business and customers, not to mention the future of your business, is on the line when a breach occurs.
  • Make sure that your credit card transactions are tokenized.
  • Make sure that your point of sale is secure, and tokenizes sensitive data.
  • Seek outside consulting.

Trust and security should be the cornerstone to any business, and without it, many businesses would crumble. Protect your customers. Protect your business. Protect yourself.

I hope you have enjoyed this article, and that it will inspire you to secure your business, and take actions to prevent breaches from happening to you. If you like what you read, please feel free to contact me at if you have any questions, or would like any more information.
