Preventing Security Breaches: Reducing Merchant Risk

Nicholas Ferrari on 04/9/2019

Data breaches are a continual risk for companies of all sizes that must maintain customer data. The situation has now evolved into a question of not if a business will become the victim of a data breach, but when and how many times it will happen. A data breach is defined as, “the intentional or unintentional release of secure or private/confidential information to an untrusted environment.”

The number of high-profile data breach cases making their way into the news serves to underscore that no business, large or small, is immune to the risk of such a breach. According to the Breach Level Index, “945 data breaches led to 4.5 billion data records being compromised worldwide in the first half of 2018.” Security is a top priority for us here at EVO, and that is why we will explore this topic in detail, starting with how data breaches occur and how resellers can arm their merchants to reduce risk.

How Data Breaches Occur

While the effects of a breach can be significant, there are steps that merchants can take to safeguard their most sensitive data while reducing the risk of a data breach. One of the most important steps that a merchant can take is to understand how such a vulnerability can occur. Criminals have developed more sophisticated methods for taking advantage of vulnerabilities inherent to payment systems.

During a transaction, payment card data make its way through several systems and parties as part of the payment process. There are actually two points during the process at which sensitive data may become vulnerable to exposure. First is the preauthorization, in which the merchant captures the payment data and then transmits it for authorization. The second is the post-authorization, in which data is transmitted back to the merchant and then placed in storage.

Negative Effects of Data Breaches

In a study conducted by Ponomon Institute for 2018, “The global average cost of a data breach is up 6.4 percent over the previous year to $3.86 million. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent year over year to $148.” Calculate that cost across a large breach, and it becomes clear how devastating a breach could be.

Along with the costs associated with a breach, merchants must also worry about the number of customers that could be potentially lost as a result. According to a survey by digital security company Gemalto, “Fifty percent of consumers say they are unlikely to do business with a company where non-sensitive information was stolen.” Among the most widely publicized of the breaches was the Target breach, which resulted in exposing the debit and credit card data of approximately 40 million customers.

Home Depot is yet another major retailer to be hit by a data breach. In that instance, some 56 million customers are believed to have had their payment information stolen during an attack that spanned a period of around five months. Data breaches can be expensive not only in terms of a company’s bottom line, but also to its reputation.

In spite of such risks, it is not uncommon for small business owners to feel a false sense of security, believing that only major financial institutions and retailers are at risk. According to Small Business Trends, “Forty-three percent of cyber-attacks occur in small businesses. The article adds that a data breach can be catastrophic to such merchants. “Sixty percent of small companies go out of business within six months of a cyber-attack.”

Data breaches and cyber-attacks are never a positive experience. That is why it is important to arm your merchants with the knowledge of what it is, how it occurs, and ways to prevent it. 


Connect with Us

With business activities in 50 markets and 150+ currencies around the world, EVO is among the largest fully integrated merchant acquirers and payment processors in the world.