Are Small Businesses At a Higher Risk of Point of Sale Data Breaches?
Giant retailers Target, Home Depot and Neiman Marcus all have one thing in common aside from their size; they made global headlines following a data breach that stole millions of credit card information and records from their networks.
However, this can easily happen to businesses both large and small. Andrew Bargin, founder and CEO of My Digital Shield, a cloud-based provider of small business data security services, believes that mom-and-pop businesses make easy, tempting targets for hackers. In a recent interview with Small Business Computing, Bargin stated that a whopping 70% of data breaches happen through small businesses — but also that 90% of those breaches can be prevented by available technology.
According to Bargin, retailers of all sizes are just now coming to terms with a long standing threat called Backoff. Backoff is a kind of malware specifically designed to extract customer credit card information from POS systems running on Windows operating systems. Essentially, Backoff and other similar programs act as credit card skimmers and key loggers. The data is then transmitted to data thieves and hackers.
Because of its devastating effects on consumers and businesses, Backoff has garnered the attention of US-CERT, the United States Computer Emergency Readiness Team. In late July, the agency released findings from a year-long Secret Service Investigation into Backoff.
“Seven POS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that more than 1,000 U.S. businesses are affected,” stated US-CERT in regards to the data breach.
To make matters worse, Backoff has been detected as far back as October of last year, which means that some retailers may not even be aware that their POS systems are infected with the malware.
“Using a POS system that does not store credit card information ‘locally’ is one of the best things a small or medium retailer can do to protect customer data,” says Eric Catania, CEO of Digital Reality, Inc. “Modern systems offered by Digital Reality send all credit card data immediately and in an encrypted fashion to the credit card processor, without keeping a local record. This technique, combined with a strong PCI compliance strategy, will keep customer data safe.”
The greatest difference between breaches that garner media attention and those impacting small businesses is that giant retailers have the ability to recover. According to data from the National Cyber Security Alliance, 60% of small businesses that experience data breaches close within six months, as the financial impact and burden is difficult to recover from.
Large retailers such as Target have the legal and financial power to negotiate lower penalty fees, and may ending up paying as little as $45 per credit card stolen, whereas small businesses can pay upwards of $100 or more. When that figure is multiplied by hundreds or thousands of credit card transactions, it is easy to see how devastating a security breach can be for small businesses.
Awareness and education are the best tools in preventing data breaches. Businesses are encouraged to consult a security adviser, in addition to upgrading POS software and systems.