Don’t Worry, You Won’t Get Hacked… Just Kidding

Wednesday, April 29, 2015


Denying you’re susceptible to a data breach is in a sense saying, “I won’t lock the store’s door tonight—no one will rob us.” Not something you would even consider, right?

Case in point: the owner of a quaint California wine tasting shop locked the door before heading home for the night, but didn’t expect to get robbed through another route—the shop’s computer system.

Owners discovered malicious software on the systems they use to process credit card transactions at the shop after it was too late. Names, addresses, card account numbers, expiration dates and security codes were compromised, as the company later explained in a notification to customers.

The fallout was swift: Wine shop regulars started using cash instead of credit cards, wine club subscriptions were cancelled, and there were tons of bad reviews placed on Yelp.

And while only a handful of customers were actually affected by the breach, as The Los Angeles Times reported, the impact to the company’s reputation was severe.

Could this happen to you?

For every high-profile security breach we learn about in the news today, there are dozens of threats to confidential data held by Main Street businesses. Sadly, many SMBs still don’t see data security as a major priority, which also explains why so many of them continue to get hit hard by breaches.

What you need to know is that hackers do not discriminate when it comes to the size of the business. One hundred stolen records from a big corporation are just as valuable as 100 stolen records from an SMB.

The fact that smaller merchants don’t have the same state-of-the-art security systems in place as big-box stores makes these targets all the more desirable. So desirable, in fact, that a 2013 Ponemon Institute report revealed 55 percent of small businesses had a data breach and 53 percent of those businesses had multiple breaches.

With less time and fewer resources, hackers can steal data from several SMBs and get just as much data as when they steal from one large corporation.

If you store it, they will come.

defines a data breach as an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. And since hackers can only steal what you are storing, The National Law Review recommends evaluating how you are collecting data, how long you are keeping that data and what data you are sharing with third parties.

There are several types of data that interest hackers. These are:

  • Customer financial data—credit card data, banking or brokerage account numbers
  • Personally identifiable data—name, address, driver’s license number, social security number
  • Internal company information—network maps, server names, business plans, company financials

 The data is obtained illegally through three main techniques, according to

  • Physical theft—a criminal physically steals information such as a computer, server or mobile device, or steals actual physical records such as receipts and customer files without authorization.
  • Skimming—refers to the theft of data contained in the magnetic stripe on the back of a payment card. This is achieved by using a small device to skim the data off the cards or through tampering with the card readers at the point of sale.
  • Cybercrime—the most common source of all data breaches, this method includes cyberespionage, web application attacks, denial-of-service attacks, malware and viruses.

Much of the stolen data is sold on the cybercriminals’ black market, which some say has become more profitable than the illegal drug trade.

The consequences.

Have you ever thought about what it would mean to your business if a payment data breach were to happen? While the financial costs can be high, even the non-monetary consequences can be quite damaging:

  • Steep fines and fees—you’ll need to shell out money for forensic examinations, notification of third parties, credit or identity monitoring, legal defense, PCI assessment, reissuing payment cards.
  • Bad press—even if the breach of your business doesn’t make national headlines, if it is posted to the Internet it is readily available through search engines—and it won’t be pretty.
  • Loss of customer loyalty—according to the National Cyber Security Alliance, 69 percent of consumers said an organization’s security breach would make them less inclined to shop there.
  • Out of operation—60 percent of small businesses closed within six months of a data breach, according to Experian.

And there are more things to consider, like the loss of your valuable time. The threat to SMBs is very real, and if you’re not implementing the proper measures for data protection, you’re opening yourself up to a huge risk. What’s more, the Ponemon Institute reports that 2015 is expected to be as bad as or worse than last year, as more sensitive and confidential information and transactions are moved to the digital space.

There are a lot of common-sense measures an SMB can take in order to combat cybercrime, and you can find many of them on this previous blog post. However, the best way to outsmart hackers is by implementing a layered approach to data security we call Heartland Secure™, which combines EMV, end-to-end encryption technology and tokenization.

With all three technologies working for you, your business has the best chance of avoiding a data breach—and all the consequences that follow. In addition, your payment processor can help you develop a proactive plan to address security threats to your business.