We’ve all heard about the big data breaches, read about the aftereffects, and seen how consumer confidence can evaporate into thin air after a hack. Yet there is still that “it won’t happen to me” mentality among small to medium-sized businesses. This is how that thinking goes: Why would cyber criminals waste their time on my little ol’ business when there are so many bigger companies with so much more data?
Here’s the hard truth – fraudsters do not discriminate. They go where they can grab the data and get out. In 2014 alone, there were 783 data breaches in the U.S. – far more than the handful of Tier 1 merchant breaches that made the news.
And no matter what size the merchant is, the direct cost of lost data is a hefty $201 per record. So for a small, one-location merchant processing 6,000 unique credit cards a year, that’s a staggering loss of $1,206,000.
And let’s not forget other variable costs such as forensic examination, legal defense, and notification of affected customers. And what about the damage a breach can do to your brand? A study conducted by the Harris Institute and sponsored by Cintas Corp. found that 2/3 of U.S. adults would not return to a business if their personal information was stolen.
SMBs are not invulnerable. Take the UPS Store breach last year. UPS Store computers were infected with malware that compromised the security of 51 stores across 24 states and exposed the personal data of over 100,000 customers to hackers. You hear UPS and you think “another big retail hack.” But in fact, dozens of individually owned UPS Store franchises were breached, all under the umbrella of UPS, demonstrating that no matter how big or small your business network is – you can be breached.
For all merchants, a holistic approach to data security is a necessity. EMV and tokenization do their part in protecting card data once it has been entered into the POS system, but for the majority of breaches, the data is being stolen while it is in motion – starting at the point of entry where the card is being swiped.
The PCI Security Standards Council recommends implementing a PCI-validated Point-to-Point Encryption (P2PE) solution for point of sale transactions, ensuring that credit card information is encrypted at the point of entry and cannot be read or decrypted at any point within the merchant’s network. Because cardholder data is never in the clear, and cannot be accessed in the merchant POS system or network, the data is not accessible to fraudsters in the event of a breach.
The value of P2PE is starting to be recognized – even in the realm of small to medium-sized businesses. Bluefin announced today a partnership with the Small Business Payments Company to bring our retail and mobile P2PE solutions to their 30,000 clients utilizing their Small Business Workbench software application.
“We are continually looking to offer our small business customers the very best services and offerings to allow them to focus on their business and succeed,” said Dave Kurrasch, Vice President and General Manager of Small Business Payments Company. “Bluefin’s P2PE payment solutions will provide an exciting added value to our clients, offering the highest standard of integrated payment transaction security for transactions.”
If the last year and a half has taught us anything, it is that no business is too large or too small to fall to a fraudster.