Robert Siciliano Identity Theft Speaker
Up until now, identity thieves have been hunting elephants. But that may soon change.
According to this study, small to medium size businesses (SMBs) are the criminal hackers’ next target. This should come as no surprise, as large enterprise networks have gradually become better at defending themselves.
Over the past few years, criminal hackers have acted like hornets, attacking and swarming unassuming enterprise networks. Big business has responded by allocating billions of dollars in funding for technology and talent to thwart their sting.
In 2009, enterprise defense is the best it has ever been. It’s still lax, but now the path of least resistance has become SMBs. Your mom and pop shops simply don’t have the resources, including deep pockets, to keep up.
Studies by the International Council for Small Business show that one fifth of small businesses aren’t even equipped with basic defenses, such as McAfee security software. Furthermore, as many as 60% don’t even have wireless encryption activated. What is most disturbing, but not surprising to this security analyst, is that two thirds don’t have any type of security plan in place.
According to poll responses, these same SMBs overwhelmingly believe that they aren’t targets, that only big businesses need to worry. However, this same study shows that 85% of fraud related to criminal hacks occurs within this exact group.
The National Retail Federation stated that Level 3 businesses are only 60% compliant and Level 4’s are even less secure.
PCI Compliance, a Visa-based organization that regulates merchants in order to prevent credit card fraud, recognizes retailers at different levels. Level 1 retailers process 6,000,000 Visa transactions per year, Level 2 retailers process 1,000,000 to 6,000,000, Level 3 retailers process 20,000 to 1,000,000, and Level 4 retailers process fewer than 20,000.
Many security issues stem from the SMBs’ lack of resources, coupled with their shift to online transactions and the handling and storage of their own data.
Some say that the responsibility of handling these transactions should be shifted back to the banks.
One additional recommendation for these Level 3 and 4s is to adopt a strategy in which the merchant never handles the credit data at all. The merchant would have an online shopping cart, but the credit card transaction would be diverted to the bank server, without ever being touched by the merchant.
I’m one of those Level 4 merchants and this is the strategy that I use. All orders are taken online and nobody aside from the bank handles client credit card data. PCI compliance is a breeze – no hiccups.
While this is practical for some SMBs, it doesn’t work for others, so those retailers need to get their act together immediately, because criminal hackers are watching.
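The redirect strategy described above, sketched as an added example (not code from the original post or from any bank or card scheme): the merchant signs only an order ID and amount, sends the shopper to a bank-hosted page, and verifies the bank's signed reply. The endpoint URL, field names and shared secret are hypothetical assumptions.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, urlencode

# Hypothetical values for illustration; a real processor defines its own.
BANK_PAY_URL = "https://pay.bank.example/checkout"
SHARED_SECRET = b"constructed-demo-secret"
PAN_CANDIDATE = re.compile(r"(?:\d[ -]?){13,19}")  # 13-19 digits, optional separators

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def contains_card_number(fields: dict) -> bool:
    """True if any value holds a Luhn-valid card-number-like digit run."""
    for value in fields.values():
        for m in PAN_CANDIDATE.finditer(str(value)):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                return True
    return False

def sign(params: dict) -> str:
    """HMAC-SHA256 over the sorted, URL-encoded parameters."""
    msg = urlencode(sorted(params.items())).encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()

def build_redirect(order_id: str, amount_cents: int, currency: str = "USD") -> str:
    """Cart checkout: send the shopper to the bank with no card fields at all."""
    params = {"order_id": order_id, "amount": str(amount_cents), "currency": currency}
    params["sig"] = sign(params)
    return BANK_PAY_URL + "?" + urlencode(params)

def handle_bank_callback(query: str, expected_amount_cents: int) -> bool:
    """Accept the order only if the bank's reply is authentic and matches the cart."""
    params = dict(parse_qsl(query))
    sig = params.pop("sig", "")
    if contains_card_number(params):
        raise ValueError("card data reached the merchant; reject and do not log it")
    if not hmac.compare_digest(sig.encode(), sign(params).encode()):
        return False  # forged or tampered reply
    return params.get("status") == "approved" and params.get("amount") == str(expected_amount_cents)
```

The same `contains_card_number` check can sit in front of the cart's own form handlers and log writers, so a misconfigured page that starts collecting card numbers is caught before anything is stored.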
See identity theft speaker Robert Siciliano discuss data breaches here.
I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.