Small businesses are being warned to be on their guard in February, with payments expert Worldpay predicting “unprecedented levels of attempted fraud”.
Data from Worldpay, the UK’s leader in payment processing, suggests instances of fraud could rocket by as much as 80% in February as hackers start to capitalise upon customer data harvested during a hectic Christmas shopping period.
Tim Lansdale, head of payment decurity at Worldpay, said: “We see a dip in fraud around Christmas as hackers go on the hunt for information, using the online sales rush to stockpile thousands of customer card details. It isn’t until February that they start cashing in on all the data they’ve collected. Other breaches can last much longer; attackers might decide to keep returning to their targets, sometimes for years.”
During 2011-2014, the average data breach exposed 284 days of card payments. Worldpay’s analysis showed breaches lasting from 11 days at the lowest end of the scale, to 1,723 days at the other extreme.
Worldpay says small businesses are by far the biggest target for hackers, accounting for 85.7% of UK data breaches. Virtually all data breaches (99.3%) happened online, rather than at the point of sale, as the UK’s e-commerce market continues to boom.
In 2014, businesses in the entertainment, hobby and leisure industries accounted for 23.3% of all card data breaches, followed by clothing and footwear stores (16.3%) and jewellery, beauty and gifts (11.6%). Businesses in the entertainment industry, particularly online ticket booking systems, tend to make easy prey for hackers due to the high number of credit and debit card transactions they process online each day.
The clean-up costs of being targeted can run to tens of thousands of pounds, with a standard investigation costing £11,250 on average, and attracting at least a £8,000 penalty, not including the costs of lost goods and damage to reputation.
“Data breaches can be ruinous, so its vital small business owners know the risks and take the necessary measures to protect themselves and their customers and employees. You wouldn’t leave your store unlocked overnight, yet so few businesses are doing enough to protect their online shop fronts and keep hackers at bay,” said Lansdale.
Small business fraud check-list:
- Have you changed all your default passwords, so they’re harder for someone to guess?
- Is your payment page hosted by a third party? Hosting your own can be less secure.
- Do you test your firewalls at least every three months, or get a security professional to test for you?
- Do you securely destroy all card data records when no longer needed i.e. pulping/shredding/incinerating?
- Are you avoiding storing the three digits ‘CVC’ number on the back of the card?