4 Ways You Can Help Protect Your Customers and Your Business
By Larry Brennan
A single data breach can seriously damage a small business’s finances and wreck customer loyalty. Just one instance involving a breach of personal or payment data could lead to a loss of more than 20 percent of a business’s customer base, according to a recent report from my company, Bank of America Merchant Services.
Fortunately, the report – based on surveys of more than 500 U.S. small businesses and over 500 consumers – showed that business owners are taking steps to improve their security and business practices.
The cost of a data breach
Many small businesses are at risk for data breaches—and those breaches can be costly. Our study found that among the small businesses that reported a data breach in the past two years, nearly 40 percent suffered more than $50,000 in losses. This is an increase from 2017, when just 31 percent of businesses reported breach-related financial losses on the same scale.
Breaches also erode consumer trust, and age plays a role. For example, consumers ages 18 to 29 are twice as likely as those over the age of 65 to avoid small businesses that have experienced a data breach, according to the survey.
How to protect your business
Fortunately, the study found small business owners are taking steps to help combat counterfeit card fraud and protect consumer and business data. The measures they’re taking include:
- Employing EMV chip-card technology. Two-thirds of small businesses are now using EMV chip-card technology at the point of sale (POS), which can help them reduce the risk of accepting counterfeit cards. EMV chips generate a single-use encrypted code, while a PIN helps reduce the risk of a lost or stolen card being misused.
- Reducing employee risks. Small business employees can trigger security risks, often inadvertently. Owners and operators are working to reduce the threat of exposure by using firewalls and strong passwords, blocking unsecure sites on business devices, and restricting POS devices to strictly processing transactions and other business tasks.
Four steps to take right now to protect your business in 2019
For small businesses that want to protect against breaches – and the financial and reputational impact they have – I advise implementing these four actions immediately.
- Use a POS solution that encrypts and tokenizes payments data. Look for a POS that offers point-to-point (P2PE) or end-to-end (E2EE) encryption along with tokenization. Encryption helps protect sensitive payment card data against theft or exposure at the point of sale. With tokenization, a token is provided and stored in the merchant’s environment in place of the card number, and tokens are useless to cybercriminals. These dual layers of security keep card numbers out of your system so your business’s and customers’ card information is protected in the event of a data breach.
- Restrict network use on payment systems. If you allow any additional network use, such as email or internet browsing, on a system that is used for payment processing, you are needlessly risking data exposure. Thieves often target remote access systems connected to the internet. Using email or internet on these systems increases a fraudster’s ability to access the credit card processing environment, which could ultimately result in a data compromise.
- Ensure proper system access management. Changing passwords is still one of the simplest and most effective ways to protect data. Require complex passwords, require that they be changed at least every 90 days, and encourage employees at every level not to share their username or password with others.
- Achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI-DSS). PCI-DSS protects the safety of cardholder data with updated standards for security policies, technologies and everyday business processes. Your payments provider can help guide you through the process.
As costs associated with combating a breach of customer or payments data continue to rise, it’s imperative that small business owners take action to mitigate risks. A trusted payments partner can help you determine which technologies are most appropriate for your business’s size, industry and customer base – so you can focus on what’s most important: growing your business.
Larry Brennan is the SVP, Merchant Data Security and Cybersecurity at Bank of America Merchant Services