AllBusiness.com
    • Starting a Business
    • Career
    • Sales & Marketing
    • AI
    • Finance & Fundraising
    • M & A
    • Tech
    • Business Resources
    • Business Directory
    1. Home»
    2. Legacy»
    3. Are You at Risk for a Customer Data Breach?»
    Are You at Risk for a Customer Data Breach?

    Are You at Risk for a Customer Data Breach?

    Mark Henricks
    LegacyFinancing & Credit

    They range from a Georgia pizzeria that lost 2,000 customer records to an Ohio dry cleaner that lost just 100. They are small businesses that suffered data breaches during 2010, according to the Identity Theft Resource Center.

    The 662 data breaches reported by all businesses in 2010 do not reflect the real impact on small firms, according to Rob McMillon, director of solution development for RSA, a Bedford, Massachusetts, security vendor.

    “All too often, either [small businesses] don’t know that they’ve been breached or they handle it in-house and sweep it under the rug,” says McMillon. “And it’s never reported because they don’t want to face the negative repercussions.” Consequences can include the cost of notifying customers, as is now required in all states, as well as fees, fines, and other penalties, such as higher per-transaction costs charged by credit card companies.

    A survey of small retailers by the National Retail Federation and First Data Corporation, a payment-processing firm, shows more than 60 percent of smaller merchants do not know credit card companies can fine them for each card canceled due to a data breach. A study by the Ponemon Institute, a privacy research firm, pegged average cost to companies at $204 per customer record breached.

    “The typical actual out-of-pocket financial cost to a small business that gets breached is a five-figure sum,” McMillon says. “Those are mom-and-pop merchants, and that can be enough to drive them out of business.”

    While state laws require that businesses report data breaches, rules for how businesses should protect data and decrease their security risk primarily come from industry. The PCI Security Standards Council, founded by American Express, Discover, MasterCard, and Visa, sets benchmarks. One that applies to smaller companies is a requirement for an annual self-assessment of security policies and procedures. Only about half the small retailers in the NRF/First Data survey said they had completed the required self-assessment.

    Merchants can download copies of the self-assessment from the PCI website. It helps guide companies of any size in procedures that promote better security. For instance, one requirement says merchants should not store a customer’s personal identification number or card verification code after a transaction is complete. Other benchmarks that can reduce your company’s risk of a customer data breach include the following:

    • Protecting stored cardholder data by, for instance, showing no more than the first six or last four digits of a card number when it is displayed
    • Providing secure authentication features, including requiring unique user IDs for administrative access to cardholder data
    • Logging uses of payment software and being able to link activities to individual users
    • Developing payment software in a safe manner by, for instance, not using actual customer data for testing
    • Protecting wireless data transmission with encryption, passwords, and other means
    • Testing payment software for security weaknesses
    • Protecting networks with antivirus software and firewalls
    • Never storing cardholder data on a computer connected to the Internet
    • Requiring two kinds of identification, such as a password and a smart card, for remote access
    • Encrypting sensitive data sent over public networks

    To allow business owners to concentrate on other affairs, some elements of data security can be outsourced. First Data offers Transarmor, for instance, which helps encrypt data and replaces sensitive PINs with safer security means. First Data also helps Transarmor customers fill out self-assessments of their data security.

    While no product or procedure can guarantee a small business won’t experience a customer data breach, following best practices can reduce the risk. “Obviously it’s important,” says McMillon. “Bad guys attack small merchants as much as big merchants.”

    Hot Stories

    A small business owner looking at her personal credit

    New Development Could Improve Small Business Owners’ Credit

    Small business owner reviewing daily finances on a tablet

    How Suppliers and Vendors Can Help Small Businesses Access Financing

    Profile: Mark Henricks

    BizBuySell
    logo
    AllBusiness.com is a premier business website dedicated to providing entrepreneurs, business owners, and business professionals with articles, insights, actionable advice,
    and cutting-edge guides and resources. Covering a wide range of topics, from starting a business, fundraising, sales and marketing, and leadership, to emerging AI
    technologies and industry trends, AllBusiness.com empowers professionals with the knowledge they need to succeed.
    About UsContact UsExpert AuthorsGuest PostEmail NewsletterAdvertiseCookiesIntellectual PropertyTerms of UsePrivacy Policy
    Copyright © AliBusiness.com All Rights Reserved.
    logo
    • Experts
      • Latest Expert Articles
      • Expert Bios
      • Become an Expert
      • Become a Contributor
    • Starting a Business
      • Home-Based Business
      • Online Business
      • Franchising
      • Buying a Business
      • Selling a Business
      • Starting a Business
    • AI
    • Sales & Marketing
      • Advertising, Marketing & PR
      • Customer Service
      • E-Commerce
      • Pricing and Merchandising
      • Sales
      • Content Marketing
      • Search Engine Marketing
      • Search Engine Optimization
      • Social Media
    • Finance & Fundraising
      • Angel and Venture Funding
      • Accounting and Budgeting
      • Business Planning
      • Financing & Credit
      • Insurance & Risk Management
      • Legal
      • Taxes
      • Personal Finance
    • Technology
      • Apps
      • Cloud Computing
      • Hardware
      • Internet
      • Mobile
      • Security
      • Software
      • SOHO & Home Businesses
      • Office Technology
    • Career
      • Company Culture
      • Compensation & Benefits
      • Employee Evaluations
      • Health & Safety
      • Hiring & Firing
      • Women in Business
      • Outsourcing
      • Your Career
      • Operations
      • Mergers and Acquisitions
    • Operations
    • Mergers & Acquisitions
    • Business Resources
      • AI Dictionary
      • Forms and Agreements
      • Guides
      • Company Profiles
        • Business Directory
        • Create a Profile
        • Sample Profile
      • Business Terms Dictionary
      • Personal Finance Dictionary
      • Slideshows
      • Entrepreneur Profiles
      • Product Reviews
      • Video
    • About Us
      • Create Company Profile
      • Advertise
      • Email Newsletter
      • Contact Us
      • About Us
      • Terms of Use
      • Contribute Content
      • Intellectual Property
      • Privacy
      • Cookies