Thanks to Paul Kleinschnitz from our Marketplace partner First Data for sharing some industry insight.
Studies show that small- and medium-sized businesses are especially vulnerable to being victimized by a data breach—and the lost business and fines that result can be catastrophic. In fact, according to Trustwave SpiderLabs’ Trustwave Global Security Report 2012, 91 percent of all data breaches affect small businesses. Data breaches are constantly in the news, and recent high-profile cases show that no organization is immune—especially as criminals develop increasingly sophisticated methods to exploit vulnerabilities in the payment system.
There are numerous reasons why you should care about payment security. Probably the top reason is to preserve the integrity and viability of your business. A data breach has the potential to do costly or even irreparable harm to a small merchant.
If your business were to suffer a breach, your actual cost would be determined by factors such as:
- Notification of customers – Most states require that the state attorney general as well as customers be notified if their financial information may have been compromised in a data breach. Depending on the number of customers and their locations, the process of sending notifications may cost thousands of dollars.
- Credit monitoring for affected customers – You may be required to provide up to a year’s worth of credit monitoring services to customers affected by your breach.
- A mandatory forensic examination – The regulations of PCI DSS require that a merchant that is even suspected of having a data breach undergo a forensic examination to determine if a breach has actually occurred and, if so, to what extent. This examination can last several days and may require the shutdown of your POS during that time.
- Card replacement costs – Card issuers may require that you pay the cost of reissuing debit and credit cards of those customers whose data has been compromised. These fees can range from $3 to $10 per card.
- PCI compliance fines – The card associations may levy fines against your business, depending on the nature of the offense that led to the breach, and whether or not the cards have been used in actual fraud cases. Such fines for small merchants can range from $5,000 to $50,000 or more.
- Liability for fraud charges – Many merchants assume they have no liability for the fraudulent use of payment cards after a data breach. This is not necessarily the case; lawsuits may impose liability on your business under certain circumstances. Your regular business insurance would not necessarily cover this type of liability (check with your insurance provider to determine exact coverage limitations).
There are many companies out there offering solutions to protect your customer data. Don't leave this to chance. Find a good provider for your business.