Cyber criminals are shifting their focus to target smaller businesses that accept credit card payments, which means your business could be next. With 60% of small businesses going under within 6 months of being breached, the cyber security and PCI compliance of your business should be one of your top priorities. After reading this article you will know:
- Why Cyber Security Is Important for Your Small Business.
- How to Protect Your Business from Cyber Threats When Processing Credit Cards.
- What to Do If You Suspect You Have Been Hacked.
Why Cyber Security is Important for Your Small Business
- Cybercriminals are now targeting smaller businesses in greater numbers where security is weaker.
- 60% of small businesses that suffer a data breach are out of business 6 months later.
- A recent survey by Fortinet found nearly two-thirds of consumers held merchants responsible for data breaches.
To help understand these issues, we spoke with Simon Gamble, small-business cyber security expert and president of Mako Networks’ U.S. branch.
A Basic Overview
Simon began our conversation with three comments:
- Any small business that accepts credit cards is a potential target for a cyber security breach.
- Small businesses are held to the same level of credit card security standards (discussed later in this article) as large businesses such as Target or Home Depot.
- Any small business that suffers a cyber security breach and is found to be non-compliant with credit card security standards is fully liable for charges related to the breach.
You Could Be a Target
If you are a small business that accepts credit cards, then you are vulnerable to a cyber attack. Cyber attackers are increasingly targeting small businesses because their networks are easier to hack and they are not checked as regularly for compliance with credit card security standards.
If you are underprotected, a hacker can now inject malware onto your payment terminal from anywhere in the world and access your customers’ information.
PCI Compliance (Credit Card Security Standards)
If you accept credit cards, then you have agreed to abide by the Payment Card Industry Data Security Standard (PCI DSS), whether you know it or not. The PCI DSS is a set of requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
Security Breaches, Liability, and Other Consequences
If your small business is suspected of a security breach, PCI DSS inspectors come in and try to determine if there is a breach and how it occurred. This process in and of itself can be crippling for a small business, shutting down operations for a minimum of several days and costing between $8,000 and $20,000 in inspection fees.
If your business is found to be non-compliant, then you are potentially held liable for even more charges:
- Data Security Fine – Up to $500,000 fine per security breach incident.
- Non-Compliance Fines – Up to $50,000 per day for non-compliance with published standards.
- Card Replacement Fees – $3-$10 per card x total number of cards compromised.
- Refund Fees – Potentially held liable for all fraud losses incurred from compromised account numbers.