{"id":179341,"date":"2018-04-27T09:57:00","date_gmt":"2018-04-27T14:57:00","guid":{"rendered":"https:\/\/www.ntegrait.com\/data-breaches-and-credit-card-fraud-can-destroy-your-small-business\/"},"modified":"2018-04-27T09:57:00","modified_gmt":"2018-04-27T14:57:00","slug":"data-breaches-and-credit-card-fraud-can-destroy-your-small-business","status":"publish","type":"post","link":"https:\/\/ntegrait.com\/data-breaches-and-credit-card-fraud-can-destroy-your-small-business\/","title":{"rendered":"Data Breaches and Credit-Card Fraud Can Destroy Your Small Business"},"content":{"rendered":"

Most business owners are cognizant of the prevalence of fraud in the digital world today. According to Experian\u2019s Global Fraud and Identity Report 2018, almost three-quarters of businesses believe fraud is a growing concern, and nearly two-thirds reported fraudulent losses over the past year.<\/p>\n

\"Credit<\/p>\n

What is Fraud?<\/strong><\/p>\n

Fraud occurs when an individuals\u2019 payment information is used without their authorization. When hackers breach your network and access your customers\u2019 or clients\u2019 sensitive cardholder information, they have many opportunities to commit fraud numerous times. Anytime someone falsifies an identity and \u201ctricks\u201d a system into thinking the person making a purchase is someone other than who they actually are, this is considered to be fraud.<\/p>\n

Fraud is Pervasive in Today\u2019s Digital World<\/strong><\/p>\n

This is because the majority of business and consumer data remains vulnerable. As the value of digital information grows, so does the hacker\u2019s motivation to develop methods to avoid detection from the latest technologies.<\/p>\n

The existing account setup process requires consumers to provide extensive amounts of personal information along with passwords and secret questions. And data breaches provide this information to cybercriminals. When this data is stolen, it\u2019s often used for fraudulent activities.<\/p>\n

Fraud is a moving target just like the hackers. New tactics are evolving where criminals combine real and fake information to create new identities. <\/strong><\/p>\n

Most business owners just don\u2019t have a handle on this \u2013 and they lack confidence in their ability to protect their customers and their companies from fraud.<\/p>\n

One of the reasons for this is that their initiatives are mostly reactionary rather than proactive as many continue to use legacy cybersecurity technology rather than investing in new, more sophisticated data protection solutions. As a result, every month that goes by increases their vulnerability and exposure to data breaches and fraud.<\/p>\n

Fraud is an ever-present and growing risk<\/strong><\/p>\n

For businesses in e-commerce, managing the risk of fraud is a delicate balancing act between providing an ease of use for customers vs. fraud protection. They struggle with mitigating fraud and providing a positive customer experience. Unfortunately, the customer experience wins out in most cases, and businesses are willing to risk fraudulent losses over losing customers to their competition. Ironically, they are setting their businesses up for reputational damage where they will end up losing customers anyway, fail to gain new ones, and possibly face financial penalties and litigation costs.<\/p>\n

The\u00a0<\/strong>2017 Cost of Data Breach Study<\/strong><\/a> from the Ponemon Institute, sponsored by IBM, puts the global average cost at $3.6 million, or $141 per data record. That\u2019s a reduction in the average cost in 2016, but the average size of data breaches has increased. It\u2019s also worth noting that the average cost of a data breach in the United States is much higher at $7.3 million.<\/strong><\/p>\n

More than 50 percent of businesses say they still rely on passwords as their top form of authentication.1<\/sup> And business leaders know that using passwords isn\u2019t the most secure option. But customers are used to them, and business owners want to please them. They also complain that they lack the financial resources to adopt more advanced authentication methods when this would save them legal fees and penalties if\/when their customers\u2019 accounts are breached\u2013not to mention their reputation and the future existence of their business. This, of course, is very shortsighted.<\/p>\n

How data breaches and fraud are connected<\/strong><\/p>\n

Data breaches and fraud don\u2019t usually occur at the same time and place. Cybercriminals won\u2019t steal a customer\u2019s information and turn around and use it for a purchase from the same business. So. it\u2019s not easy for a business to detect when a breach occurs.<\/p>\n

Data breaches are typically detected by using specific security tools that monitor all payment activity. Merchants should follow PCI\/DSS Standards<\/a> to identify and prevent breaches and remain compliant. PCI-DSS audits will help you find vulnerabilities in your system and reveal inadequacies that must be eradicated.<\/p>\n

A successful case of fraud spreads like cancer<\/strong><\/p>\n

If a hacker can get one password, they may have the keys to other password-protected accounts. The more online accounts people open, the greater their risk. And most people have quite a few. If the hacker can figure out the password to someone\u2019s email account, they may also have the key to their credit card and banking accounts as well.<\/p>\n

You must remain vigilant to prevent data breaches and fraud.<\/strong><\/p>\n

What to do if you suspect fraud<\/strong><\/p>\n

A key indicator of evidence of fraud is in chargebacks where a customer disputes a charge on their credit card, and where you aren\u2019t paid for the service or product. If your chargeback rate increases above a 1% margin, this is a good indication that you\u2019re experiencing fraud.<\/p>\n

In this case, you should hire a third-party auditor like an IT Managed Services Provider (MSP) to help bring you back into compliance and stop the thieves. They will detect where the problem(s) exist and if what they find indicates a data breach. PCI-DSS compliance requirements mandate that you do this to stop the fraudulent activity.<\/p>\n

Of course, you should contact the card processor as well. They will connect you to the card providers who can often identify the point of access or detect a suspicious pattern of activity.<\/p>\n

What You Can Do to Reduce Fraud and Data Breaches.<\/strong><\/p>\n

Use EMV Technology.<\/p>\n

EMV<\/a> (Europay Mastercard Visa) is the global standard to authenticate payment cards. EMV technology can help you protect your business from fraud. It ensures the card is legitimate and that the person using the card is the authorized user.<\/p>\n

EMV chips are microprocessors that store and protect cardholder data. They use a unique cryptogram that\u2019s validated by the card issuer. This makes it more difficult for hackers to break the code and steal card information to commit fraud.<\/p>\n

Today, if you don\u2019t use an EMV-capable terminal, and the transaction turns out to be fraudulent, you can be held financially liable for that transaction.<\/p>\n

EMV has been used in the United Kingdom since 2004, and card-present fraud has gone down by 80% as a result. By comparison, without EMV in the U.S., fraud increased during this time by nearly 70%.<\/p>\n

Protect Data in Transit by Using Encryption.<\/strong><\/p>\n

When credit card data is stolen, it\u2019s considered a data breach. Considering the number of card payments your business processes in a month, hackers may view you as the \u201cPot of Gold at the end of a Rainbow.\u201d In other words, your business is a prime target.<\/p>\n

You can help stop the hackers from accessing data in transit by using end-to-end encryption (E2E) and point-to-point encryption (P2PE).<\/p>\n

The advantages of end-to-end encryption are:<\/p>\n