February sees small businesses at risk of “unprecedented levels of attempted fraud”, according to data from payment processing company Worldpay.
Instances of fraud could increase by as much as 80% this month, with hackers starting to capitalise on customer data harvested over the busy Festive shopping period.
Tim Lansdale, head of payment security at Worldpay said:
“We see a dip in fraud around Christmas as hackers go on the hunt for information, using the online sales rush to stockpile thousands of customer card details.
“It isn’t until February that they start cashing in on all the data they’ve collected. Other breaches can last much longer; attackers might decide to keep returning to their targets, sometimes for years.”
From 2011 to 2014, the average data breach exposed 284 days of card payments. Worldpay’s analysis showed that breaches lasting from 11 days were at lowest end of the scale, with longest lasting as many as 1,723 days.
Worldpay says that SMEs are easily the biggest target of hackers, accounting for nearly 86% of UK data breaches. Almost all data breaches (as many as 99.3%) occurred online rather than at point of sale, with the UK’s e-commerce market boom proving costly for some small businesses.
In 2014, businesses in the hobby, entertainment and leisure industries accounted for more than 23% of all card data breaches, followed by clothing and footwear stores at more than 16%, and jewellery, beauty and gifts at 11.6%.
Businesses in the entertainment industry are especially vulnerable due to online ticket booking systems taking a high number of credit an debit transactions processed daily.
Clean-up costs for SME victims of hacking can run into the tens of thousands of points, with the standard investigation costing £11,250 on average, and attracting a minimum penalty of £8,000. This doesn’t even include the cost of lost goods, compensation, and damage to reputation.
Lansdale continued:
“Data breaches can be ruinous, so its vital small business owners know the risks and take the necessary measures to protect themselves and their customers and employees.
“You wouldn’t leave your store unlocked overnight, yet so few businesses are doing enough to protect their online shop fronts and keep hackers at bay.”
Worldpay advises SMEs to take measure such as changing all their default passwords, having a third party host their payment page, and testing firewalls at least four times a year. It is also important to securely destroy all customer card data when no longer necessary and to avoid storage of customers’ three digit “CVC” card number.
Words: Peter Cribley