5 Tips for Reducing the Risk of a Data Breach and Fraud for Your Small Business
If your business processes customer’s electronic payment information, which virtually every business does nowadays, then you’re vulnerable to a data breach, leaking sensitive information, or fraudulent charges. And small businesses are particularly susceptible. Fraudsters often target smaller businesses because their security defenses are easier to evade. But, then again, the Target data breach in 2013 shows that even retail giants aren’t safe. Data breaches can be timely and costly fiascos to sort through, so it’s important to take every precaution when it comes to protecting your customers’ and your business’s sensitive information to reduce the risk (and the headache) of a data breach. Below are some tips to help you get started.
- Stay PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations that help merchants manage and reduce the likelihood of a data breach for their businesses’ eCommerce and in-store transactions. Maintaining these standards not only helps curtail a data breach risk, but also protects your business from heavy fines should a data breach occur. Visit “How to Secure with the PCI Data Security Standard” on the PCI’s website for more information.
- 2. Update POS systems to be EMV compliant. This precaution is particularity true for in-store transactions. Because EMV transactions use chip-based microprocessors to transfer data, rather than magnetic strips, they provide, in general, a more secure transaction. Additionally, many payment brands have implemented liability shifts that hold merchants accountable for data breaches and fraudulent charges if they do not operate with EMV compliant hardware.
- Conduct risk assessments monthly. Rather than checking compliance standards annually or bi-annually, consider running a risk assessment on your business’s security features monthly. PCI standards are always being updated in response to fraudster activity. Make sure that you’re primed and ready each month, integrating any new PCI security measures into your data security system.
- Train yourself and employees to recognize suspicious activity. Even with all of your security measures in place, your business is still vulnerable to a data breach or fraud. It’s the business of fradusters to find ingenious ways around the precautions you’ve taken. That’s why you should train yourself and your employees on how to recognize suspicious activity for incoming orders or transactions. For example, for eCommerce orders, be mindful to check into strange e-mail addresses, unusually large orders, address discrepancies, and customers outside the demographic who usually do business with you. These could tip you off to a potential data breach or attempted fraud.
- Integrate multiple security features into eCommerce transactions. When conducing business online, be sure to implement several security features into the transaction process that help verify the identity and credibility of the customer. For example, always require address verification that checks the billing address provided with the one on file with the credit card company. Also, require customers to provide a Card Code Verification (CCV) number to complete transactions. These simple precautions can go a long way in safeguarding your online business from a data breach or fraud.