how secure are merchants?Protection for the 21st Century
Security is an ongoing concern for SMEs, especially when transactions are taking place via online channels, with customers and service providers sometimes half a world away. SMEs offering mobile payments to customers must have in place measures against the three most common risks: fraud, chargebacks, and data security.
What are the security threats for small businesses?
As National Small Business Week takes place (May 5-May 11) it serves as a welcome reminder of the obstacles that small businesses must overcome to not only survive, but to grow and flourish. The role of data-protection in this process is not a minor one. Accordingly we bring you the top threats to small business data security.
Threats appear in many forms, but some of the most common ones, which SMEs should keep an eye open to, include employees opening malicious e-mail attachments or links and using weak passwords - fortunately, this risk can be significantly mitigated via proper security training and implementing two-step authentication. Ransomware and malware are also threats, which can target unsupported operating systems and unauthorized software but can be prevented by applying regular security updates and patches. Then, employees using their own devices for work, which may not be encrypted.
Also, not employing a SysAdmin, who is crucial for monitoring for suspicious activity and breaches. Providing all employees unlimited access to data instead of restricting it to what an employee requires to perform their job.
Possibly the biggest positive impact to securing your critical data can be employee awareness training for modern security threats. Opening malicious attachments, clicking dangerous advertising links, and weak passwords all pose commonly exploited risks. Conduct security training at the time of hire, regular company-wide training, and attack simulation. Require regular password changes and enable two-factor authentication for additional security.
Fraudsters will often use a fake card with a non-working magnetic strip, claiming that "it worked yesterday" and ask that the transaction be processed without the card. SMEs would do well to authenticate the identity of such a customer as well as to authenticate an alternate payment method.
While traditional POS systems, such as Square and GoPayment are more secure, it still doesn't mean they are immune to fraud. Luckily, this is where modern technology comes to the rescue, with encryption, two-step authentication, virtual tokens and especially biometrics providing means of identification that fraudsters cannot deceive easily.
The Price of Chargebacks
Chargebacks occur when a
customer refuses to accept responsibility for a charge made to their credit
card. When a chargeback request is made, banks can forcibly require an SME to
give money back to the customer whereas at the same time the cardholder is
under no obligation to return the purchased goods.
While the purpose of chargebacks is to protect customers and encourage transparency, they can also be misused by fraudsters. Each chargeback can not only cost an SME money but also damage its reputation.
Best security practices for defending against chargebacks work on the "know your customer" (KYC) principles: SMEs require customers to provide data that can be used to confirm their identity during transactions. KYC can include passwords or fingerprints, but modern technology can also confirm customer identity by assessing the way they type or even move their mouse cursor.
Is Data Secure?
Unfortunately, even though mobile payments allow SMEs to provide great experience to their customers, the process is also a ripe target for cyber attacks as nearly 70% of SMBs experience cyber attacks. And, unfortunately, cyber attackers seem to be indifferent about the size of your business.
A hacked mobile payment system can provide a thief with credentials as well as allow them to insert malicious code, tamper with security features or even give them enough access to reverse-engineer their applications which can lead to further damage.
The Payment Card Industry Data Security Standards (PCI DSS) were developed to combat these threats. The standards are applied to credit and debit cards and require an SME to meet a list of criteria including taking measures to maintain a secure and monitored network with strong access controls as well as maintaining an information security policy.
SMEs also need to keep in mind that protection needs to be extended to their customers as well. After all, data theft can happen not just on the SME's side, with breaches into its proprietary data - cyber criminals can just as easily target an SME's customers and the data on their devices.
Security Pays More Than It Costs
SMEs that implement best possible security practices are certain to experience strong business growth since safety and security always increase customer satisfaction and lead to repeat business and increased sales.
Good security also reduces costs - after all, if an SME prevents fraud and data breaches, it doesn't have to pay fines and provide refunds.