Most of us hear about the really big data breaches that hit large
retailers, governments and health care facilities. They make national
news when they occur. But what we don’t hear about are all the “little
guys” who increasingly are becoming the targets of cyber thugs.
For a number of years the small and medium size businesses that
accept cards as a form of payment were flying under the radar of the bad
guys. But as large businesses have tightened up their card data
handling procedures and bad guys are having a more difficult time
hacking into their systems, the smaller companies have started to
attract unwanted attention.
More and more of these smaller businesses are seeing hacking attempts
and, in some unfortunate cases, successful theft of cardholder data.
According to the U.S. Secret Service and Verizon Communications,
Inc.’s audit unit, there were 761 known breaches in 2010, up from 141
in 2009. Of these, 63 percent (482) were from companies with 100 or fewer
employees. Visa has estimated the majority (95 percent) of the data
breaches it now handles are from small and medium size businesses.
A recent news story in the Wall Street Journal illustrated the negative impact that this could have on your
business. In one case, a restaurant in Washington State ended up going
out of business due to the cost of the audit and the expense of cleaning up
the mess from its data breach.
In another case, a Chicago area newsstand hacked by someone using a
Russian server ended up spending $22,000 on “investigations and
security improvements.” The initial problem was traced back to weak
In both of these cases, the businesses were very small compared to
the data breaches you hear about on the evening news. Could your
business, even in the best of times, absorb a $10,000–$20,000 hit to the
Realizing that small businesses look to their processors for
assistance, last year we started providing automatic insurance coverage
for data breaches for all of our merchants. For merchants that process
their credit card transactions with us, we provide $100,000 in
insurance coverage per merchant identification number (MID) (with a
maximum of $500,000) as part of their monthly statement fee.
This insurance will cover the audit, the fines from the card
associations and the costs to reissue the cards that were compromised.
If you aren’t using a processing solution that provides this coverage,
you should either contact your insurance company to explore getting a
policy that would cover you, or consider changing to a merchant
processing solution that covers you for this type of event.
More and more large companies are “cleaning up their act” when it
comes to protecting card data. While that’s good, it has moved small and
medium size businesses into the bad guys’ crosshairs.
Are you protecting your data, and are you insured against a breach?
John Mayleben, CPP, is RPN senior vice president technology and new
product development and a national expert on electronic payment
processing. Contact John at firstname.lastname@example.org.