By Ciani Welch
2016 may as well be stamped “The Year of Cybercrime, “ with the U.S. suffering a record of 1,093 data breaches according to the Identity Theft Resource Center. Everyday new reports of massive data breaches surfaced, shaking companies to the core and sending their customer’s scrambling for answers. Corporations like Yahoo, Weebly, and HP made headlines once their data was compromised. Despite the investments most corporation have made in building robust data security departments, the total number of breaches rose 40% year over year.
Unfortunately, this year will likely follow suit. Businesses large AND small continue to be affected by cybercrime. Most at risk: small businesses that do not have the luxury to invest in data security efforts. As the cyber crime rate continues to rise, so does the cost of internet security software. Last year, worldwide spending on security-related hardware, software and services rose to $73.7 billion. This is a tough investment for a small business to justify so most are pursuing a no cost, but high risk, strategy of hope and luck, instead. As 2016’s breaches proved, small businesses’ own payment data is at risk through their relationships with their vendors; doing business with an established brand in no way guarantees the safety of any bank account or credit card data they put on file. Conversely, they also need to protect the customer data that they themselves store.
So, how can small businesses protect themselves against cybercrime?
The Problem
The reality is small businesses openly share their data daily with the numerous suppliers and service providers they need to keep their business running. “Across inventory, equipment, technology, services, and marketing, a typical small business pays tens of vendors each month,” says Crystal Eastman, Head of Marketing for Behalf, Inc. Small businesses use a mix of business credit cards, when accepted, and often remit payments with checks or ACH. Nearly every time they pay a bill, they are sharing either a credit card number or a bank account routing number, both of which are usually stored in their vendor’s database.
While this has always been the way payments are made, 2016 has taught us that this is a bad practice. In addition to exposing their company accounts, many small businesses co-mingle funding and expenses with the small business owner’s accounts. So, when a vendor gets hacked, a small business often needs to worry about protecting the credit of the small business owner on top of their other concerns.
“It’s very difficult for a small business to respond quickly to a breach at one of their vendors. What are they to do? They can’t quickly cancel their card and request a new bank account number since all of their recurring payments to the vendors their business operations are dependent upon are also billing to those potentially compromised accounts,” explains Eastman. “The smartest way for a small business to be prepared is to avoid putting themselves in this situation in the first place.”
More Secure Payment Alternatives
Instead of blindly complying with whatever payment method their vendor recommends, small businesses need to take control of their payment decisions. Only the small business can be trusted to protect its own best interests.
Tip #1 Checks: Don’t be the last dinosaur
Checks are inconvenient, waste money on paper and postage, and send your valuable bank account details out into the world where they can be intercepted by fraudsters. Almost any vendor who accepts cash or check will accept other, more secure payment methods. Just inform them how you will pay so they know where to look when they are reconciling the books.
Tip #2 Not all ACH is created equal
ACH is a low cost processing option that is preferred by many B2B vendors. A small business can use the ACH network to send an electronic payment directly from their bank account. To ensure payments are received on time, many vendors will also request the ability to debit their customers’ bank account directly. Bad move. While more convenient for the vendor, this secondary use case for ACH leaves a customer’s bank details stored and at risk for a cyber attack. Never provide your bank details to a vendor and ensure you choose a payment method that does not transmit your account details when it delivers your payment.
Tip #3 Balance convenience with security
Leaving a payment method “on file,” seems convenient, until your vendor gets hacked. As reviewed with ACH, your business credit card number is a very attractive target for a fraudster. A payment tool designed for small businesses, like Behalf, will act as an intermediary so that you can make one-time or recurring payments without ever transmitting your own data. Behalf can make payments to any MasterCard accepting merchant with the use of single-use account number technology, which leaves no data footprint to compromise. Behalf can also be used to direct-pay vendors who do not accept credit cards and can be a more secure alternative to checks or ACH.
Tip #4 Trust, but verify
Switching to more secure payment methods will provide tremendous protection. However, no protection is failsafe. You must monitor your business credit, just as you do your personal credit, to quickly identify any fraud. Services like Experian and DandB offer tools for monitoring, as well as resolving any issues you may encounter with inaccuracies on your business credit report. Investing in such a service will take the guess work out of your risk management practices and give you an added layer of security.
Payment Control = Good Business
While you can’t make your vendors more secure, you can take the appropriate steps to ensure the way you pay them is. Keep control over your payments and you can rest easy knowing your data is safe. Then, you can stay focused on what matters – growing your business.
Ciani Welch is a freelance writer covering the latest in small business, fintech, and payment technology. @ciani_welch
