There is not a merchant, cardholder, issuer, or acquirer who wants to hear the words data breach. The impacts can be devastating, potentially affecting everybody in the transaction life-cycle, including innocent cardholders.
Our intent is not to frighten merchants; rather, it is to serve as a wake-up call about data breach risk. If merchants ignore the risk, a breach can and will happen.
Merchants can and must be proactive in the face of data breach attacks. The best defense against fraud comes from being proactive, aware, and prepared.
How a Data Breach Happens
Professional hackers and data breach experts excel at their jobs. Yes, jobs – these criminals execute data breaches and fraud for a living. Because of this professional approach to fraud and hacks, merchants and cardholders cannot become complacent or live in hope they won’t fall victim.
To be successful, a professional hacker does the following:
- Research. Savvy hackers look for merchants with security weaknesses. These vulnerabilities can include an open and free WiFi network, disgruntled employees, outdated security systems, relaxed attitudes to storing customer data, and any other holes in communication and security.
- Invade. It is imperative for cybercriminals to move fast and efficiently. These hackers want to break in and move around freely without being noticed. This requires advanced technology, inventiveness, and confidence.
- Attack. There are two primary attack methods: network and social. In a network attack, the criminal uses holes or weaknesses in the company’s IT infrastructure or network to access confidential data. A social attack takes advantage of the complacency of employees, tricking them into giving up secure information or access to databases. This can happen with a believable-looking email that asks the employee to confirm their credentials or open an attachment that has embedded malware.
- Steal. Once the criminal has successfully invaded and attacked the company, he completes his task by committing the theft.
Typically, fraudsters target companies that have access to confidential data. Common targets are healthcare organizations, online shopping merchants, social websites such as dating sites, government organizations, and credit providers. These types of organizations have access to personal data including credit card details, complete addresses, social security numbers, healthcare data, bank account information, and email addresses.
With this data, hackers have what they need to sell the data, apply for credit cards, go on online shopping sprees, steal directly from bank accounts, or more.
Costs of a Data Breach
One of the principal reasons for complacency towards data breach attacks is not understanding their true cost. Most people are made aware when hackers compromise a large organization and steal personal data. But unless it is a very high profile case, that’s where the story ends. There is little to no follow-up on what this data breach means for the organization – beyond the negative publicity.
When considering payments security and fraud prevention, merchants should be aware of the hard and soft costs of a data breach:
- Loss of merchandise. This is the direct result of data breach fraud when thieves use stolen credit cards to “purchase” merchandise with fraudulent transactions. This merchandise is never recovered.
- Customer communication. Merchants and other organizations must be proactive in communicating with their customers about a data breach. Communicating the breach to victimized and at-risk customers can place significant demands on resources and time.
- Forensic review. Merchants are bound by regulations to undergo a forensic examination of their payment system after a data breach. The costs of this forensic review can range from $20,000 to $50,000.
- Issuer and acquirer fees. Merchants impacted by a data breach absorb chargebacks and their associated costs. This translates into higher issuer and acquirer fees and, for some merchants, can lead to placement in chargeback monitoring programs.
- Brand reputation. Recovering from a data breach is not easy, because the negative publicity can cause long-term brand damage. Merchants must be actively engaged in communicating with their customers, investors, and other third parties to mitigate the impact of a breach.
Be Proactive Against a Data Breach
One positive result that has emerged from the recent high-profile data breach attacks is the increased awareness of tried-and-true steps merchants can take to protect themselves from a similar attack. At the same time, cybercriminals constantly strive to stay one step ahead of preventative measures, so merchants must remain current with the latest payment solutions technology.
Merchants who are fully committed to payment solutions security and cardholder protection can address potential weaknesses and protect themselves and their customers from attacks.
- Multi-layered fraud prevention. Choose payment solutions that employ layered fraud detection technologies to detect and stop criminals.
- Be smart about data. Don’t keep any customer data on file, in the cloud, in a database, or on a USB drive.
- Use encrypted communications. Work with industry experts to configure an encrypted communications network and payments solution.
- Stay alert. Conduct reviews of your payment solutions, educate your employees on the risks and potential for data breach attacks, and know the signs of fraudulent activity.
Data breach attacks happen, but with the right partners they can be prevented. Contact us to learn more about how Verifi experts can help keep your network and payments data safe and secure.