Published April 24, 2020
With many businesses having to temporarily close their storefronts amid the coronavirus global pandemic, many have taken to ecommerce to be able to continue their sale of products. While this is a logical transition, those who are new to the online space may be encountering issues they are ill-prepared to face, including cybercrime.
While data breaches affecting large corporations get the most press, cybercrime is on the rise among smaller companies as well. In fact, 43 percent of cyber-attacks targeted small businesses in 2019. Given that a single breach can have long-term repercussions that devastate a business, owners need to make cybersecurity a top priority.
Cybercrime’s effects are multifaceted. Let’s say your business is a pizza restaurant franchise with half a dozen locations. You process orders in-store, over the phone and online. To streamline the ordering process, you maintain a database containing customer information, which includes credit card data.
Now, let’s say your company’s system is infiltrated by hackers who want the credit card information you keep on file. The most immediate consequence of the hack will be damage to your business’s digital infrastructure: the virus or other malicious program used to access your system can render your company’s software inoperable.
Similarly, the simple act of opening an infected email could lead to every computer terminal on the company’s network being locked down by destructive ransomware. And since contemporary businesses rely on computers for everything from point-of-sale checkout to inventory management to payroll, your company won’t be able to do business until any computer issues are fully resolved.
Worst of all, depending on the severity of the breach, the recovery process could take hours, days or even months—making it impossible for you to run your business for an extended period of time after the breach.
In addition to repair and downtime costs, there’s also the issue of notifications. If your company does business in 48 of the 50 states, you are required by law to notify anyone whose personal information may have been exposed in the breach.
As you can imagine, the response to a notification of this kind is negative. In fact, a third of consumers stop doing business with companies after a hack. Therefore, those notifications could seriously impact your company’s reputation.
Finally, your business may be liable for hundreds of thousands of dollars in fines from your company’s bank. Your company’s bank is adamant about protecting your customers’ financial information, so you will inevitably be required to pay fines for a compliance breach.
Due to the triple hit of system repair, reputation damage and financial penalties, 60 percent of small businesses close six months after a data breach. However, by investing in a few robust cybersecurity solutions, owners can drastically reduce their company’s risk of being hacked.
Because of the pervasiveness of cybercrime, the Federal Communications Commission (FCC) has established a resources page to help small and midsize businesses protect themselves. The FCC’s most important recommendation is that businesses establish best practices to bolster their cyber-defenses.
While the FCC’s recommended best practices are essentially common-sense security measures applied to the digital space, payment card security is a bit more complicated.
To combat the worldwide issue of debit, credit and prepaid card fraud, the major card brand companies (Visa, MasterCard, American Express, etc.) established a series of standards to improve fraud security. These standards are called the Payment Card Industry Data Security Standard (PCI-DSS) and they deal with how best to accept, process, store and transmit payment card data.
Although there are no laws mandating businesses adhere to the PCI-DSS, the individual card brands assess fines to the financial institution that processes your payment card transactions if a data breach creates a compliance issue. Depending upon the card brand, these fines can total between $5,000 and $100,000 for every month an affected party remains out of compliance.
Furthermore, if the affected merchant isn’t PCI-compliant but the financial institution is, banks will often shift liability for those fines to the merchant. Therefore, it’s clear that striving to be PCI-compliant should be the cornerstone of any company’s cybersecurity strategy.
For even the most tech-savvy organizations, payment card security can be a real challenge. If your company accepts payment cards in person, over the phone or online, the PCI-DSS mandates hundreds of different controls regarding the handling of customer data.
To relieve the pressure of meeting all those controls, it’s recommended that merchants partner with a PCI-compliant payment card processor. Ideally, small businesses should choose a card processor that utilizes cutting-edge cybersecurity methods — such as the tokenization of payments — to further minimize risk, and that allows your customers to enter their cardholder data directly into the gateway or processor (for example, through a hosted iFrame), so you never “touch” that cardholder’s data.
The benefit of tokenization is that, as soon as the sensitive payment card data is captured, it’s replaced with an algorithmically generated, unique number sequence called a token. Consequently, the customer’s data is protected from hackers as it isn’t stored in the merchant computer system (only the token data is). And token data cannot be reverse engineered into payment card data.
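To make the tokenization and “never touch the card data” points concrete, here is an added Python sketch that is not NCR’s code or the code of any real processor. It assumes a hypothetical processor-side `TokenVault` that receives the card number (as it would from a hosted iFrame), keeps the number only on its own side, and hands the merchant a randomly generated token plus the last four digits for receipts. Because the token comes from a random number generator rather than from the card number, nothing in the merchant’s records can be worked back into the card number. The card number used in the test is the widely published Visa test number, not a real account.

```python
import secrets
from dataclasses import dataclass


def luhn_valid(pan: str) -> bool:
    """Luhn checksum, used to reject mistyped card numbers before tokenizing."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 12:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical processor-side vault. The card number (PAN) lives only here.

    A real vault would also encrypt the stored PANs and sit inside the
    processor's PCI-scoped environment; that part is left out of this sketch.
    """

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        """Store the PAN and return a random token that carries no PAN information."""
        if not luhn_valid(pan):
            raise ValueError("card number failed Luhn check")
        while True:
            # 16 random digits from a cryptographic RNG: the token is not derived
            # from the PAN, so it cannot be reverse engineered into it.
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            if token not in self._pan_by_token and token != pan:
                break
        self._pan_by_token[token] = pan
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        """Processor-side charge: only the vault can map a token back to a PAN."""
        pan = self._pan_by_token[token]           # KeyError if the token is unknown
        return {"approved": True, "amount_cents": amount_cents, "last4": pan[-4:]}


@dataclass
class MerchantOrder:
    """What the merchant database keeps: token and last four digits, never the PAN."""
    order_id: str
    token: str
    last4: str


def place_order(vault: TokenVault, order_id: str, pan: str) -> MerchantOrder:
    """Simulates the hosted-iFrame flow: the PAN goes to the vault, the merchant gets a token."""
    token = vault.tokenize(pan)
    return MerchantOrder(order_id=order_id, token=token, last4=pan[-4:])


def pan_recoverable_from_merchant_record(order: MerchantOrder, pan: str) -> bool:
    """What an attacker who reads only the merchant database could learn: the full PAN or not."""
    return pan == order.token or pan == order.last4


if __name__ == "__main__":
    vault = TokenVault()
    order = place_order(vault, "order-1001", "4111111111111111")   # published test number
    print("merchant stores:", order)
    print("processor charge:", vault.charge(order.token, 2599))
    print("PAN recoverable from merchant record:",
          pan_recoverable_from_merchant_record(order, "4111111111111111"))
```

The design choice worth noting is that `charge` lives on the vault, not on the merchant side: the merchant sends a token and an amount, and the processor is the only party that can turn the token back into a card number. A stolen copy of the merchant’s order table therefore yields tokens that are useless outside that processor, which is why the number of PCI controls the merchant must maintain shrinks so sharply.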
Because NCR uses tokenization and robust encryption to process card transactions, the number of PCI controls our partners need to maintain for compliance drops from 335 to 35.
Adopting cybersecurity best practices and becoming PCI-compliant can be mission-critical to your company’s long-term success, as well as to its short-term success in weathering the challenges of shifting to ecommerce. Not only can those measures lower your business’s risk of a data breach, they can also mitigate the damage if one does occur.
Finally, such measures also protect against payment card fraud, protecting your company’s bottom line by reducing chargebacks, reimbursements and legal claims.
NCR’s affordable payment card processing services, in both the physical and online space, are both PCI-compliant and encrypted. As such, our clients can rest easy knowing that their customers’ data — and their own reputations — are being protected by some of the most sophisticated and most trusted cybersecurity technology currently available.
Contact us today to optimize your company’s payment card security.
NCR is committed to helping businesses of all sizes navigate the many challenges of the COVID-19 outbreak. For more information, contact NCR.
Our experts are in the trenches with our customers, working hard to help provide guidance, solutions and recommendations.
You can find us at NCR.com/payments, have us call you back, call us at 1-800-834-4405 or email us at Assist.firstname.lastname@example.org.