Preventing Security Breaches: Reducing Merchant Risk


January 2019


Data breaches are a continual risk for companies of all sizes that must maintain customer data. The situation has now evolved into a question of not if a business will become the victim of a data breach, but when and how many times it will happen. A data breach is defined as, “the intentional or unintentional release of secure or private/confidential information to an untrusted environment.”

The number of high-profile data breach cases making their way into the news serves to underscore that no business, large or small, is immune to the risk of such a breach. According to the Breach Level Index, “945 data breaches led to 4.5 billion data records being compromised worldwide in the first half of 2018.” Security is a top priority to merchants and to us here at EVO. That is why over the next three newsletters, we will explore this topic in detail, starting with how data breaches occur and how to reduce merchant risk.


How Data Breaches Occur

While the effects of a breach can be significant, there are steps that businesses can take to safeguard their most sensitive data while reducing the risk of a data breach. One of the most important steps that a business can take is to understand how such a vulnerability can occur. Criminals have developed more sophisticated methods for taking advantage of vulnerabilities inherent to payment systems.

During a transaction, payment card data makes its way through several systems and parties as part of the payment process. There are two points during the process at which sensitive data may become vulnerable to exposure. The first is preauthorization, in which the merchant captures the payment data and then transmits it for authorization. The second is post-authorization, in which data is transmitted back to the merchant and then placed in storage.


Negative Effects of Data Breaches

In a study conducted by Ponemon Institute for 2018, “The global average cost of a data breach is up 6.4 percent over the previous year to $3.86 million. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent year over year to $148.” Calculate that cost across a large breach, and it becomes clear how devastating a breach could be.

Along with the costs associated with a breach, businesses must also worry about the number of customers that could be potentially lost as a result. According to a survey by digital security company Gemalto, “Fifty percent of consumers say they are unlikely to do business with a company where non-sensitive information was stolen.” Among the most widely publicized of the breaches was the Target breach, which resulted in exposing the debit and credit card data of approximately 40 million customers.

Home Depot is yet another major retailer to be hit by a data breach. In that instance, some 56 million customers are believed to have had their payment information stolen during an attack that spanned a period of around five months. Data breaches can be expensive not only in terms of a company's bottom line, but also to its reputation.

In spite of such risks, it is not uncommon for small business owners to feel a false sense of security, believing that only major financial institutions and retailers are at risk. According to Small Business Trends, “Forty-three percent of cyber-attacks occur in small businesses.” The article adds that a data breach can be catastrophic to such merchants: “Sixty percent of small companies go out of business within six months of a cyber-attack.”

Data breaches and cyber-attacks are never a positive experience. That is why it is important to arm yourself with the knowledge of what they are, how they occur, and ways you can prevent them. In our February edition of the Merchant Edge newsletter, we will continue our series on security and give you the warning signs that tell you whether your business is at risk of a security breach or cyber-attack.