February 03, 2015
Every time a mega breach is reported in the news it seems the focus is just on that company.
But the fall-out reaches much further than that.
Of course, mega data breaches result in hundreds of millions of exposed identities – and vulnerable consumers.
At the same time, smaller merchants can find themselves in trouble too.
In 2014, the average merchant suffered 133 successful fraudulent transactions per month, up 46% from the previous year.
Consider that the 2014 LexisNexis True Cost of Fraud Study also showed that in 2013, an average merchant lost about 68% of annual income to fraud. Merchants also incurred other losses, penalties and chargeback fees totaling $3.08 per dollar of fraud (compared to $2.79 the previous year).
The more data breaches there are, the more all merchants are at risk of fraud – due to the volume of stolen personal information in circulation.
Here’s how a mega breach can play out and affect a small merchant.
The Breach: Criminals use sophisticated programs to hack into merchants’ databases and steal personally identifiable information such as credit cards and debit cards. Stolen credit card numbers are often sold at illegal online black markets.
Credit Card Fraud Detection: The company detects a breach (immediately to days and even months after it has occurred) and puts a response plan in motion, including notifying the credit card company so cardholders’ cash is sealed. (However, at least one transaction is made by 70% of stolen cards, said Trend Micro executive Tom Kellerman in an online Bloomberg Business Week story.)
Credit Card Fraud Charges and Cost: The company that experienced the breach has to deal with damage done to reputation, bottom line, and share prices. Credit card owners, while not held responsible for illegal purchases, have to deal with the hassles of a breach. Small merchants may be on the hook if they mistakenly accepted stolen credit cards. If they can’t prove the ‘authenticity’ of a purchase, they have to pay a ‘charge back’ fee for letting thieves use the stolen cards. At the same time, a small business may never get paid for a product it has shipped or ‘sold’.
To protect all size organizations from a security breach:
Security experts in this podcast provide more insights on how small businesses can protect themselves from data breaches.