Hackers are expanding their sites beyond big companies to include any business that stores data in electronic form. For small businesses, the impact could be crippling. Geoffrey Fowler reports for the Wall Street Journal:
Unbeknownst to owner Joe Angelastri, cyber thieves planted a software program on the cash registers at his two Chicago-area magazine shops that sent customer credit-card numbers to Russia. MasterCard Inc. demanded an investigation, at Mr. Angelastri's expense, and the whole ordeal left him out about $22,000.
Clayton Hauck for The Wall Street JournalJoe Angelastri, owner of City Newsstand in the Chicago area, is out $22,000 because cyber hackers attacked his stores' payment system.
His experience highlights a growing threat to small businesses. Hackers are expanding their sights beyond multinationals to include any business that stores data in electronic form. Small companies, which are making the leap to computerized systems and digital records, have now become hackers' main target.
"Who would want to break into us?" asked Mr. Angelastri, who says the breach cut his annual profit in half. "We're not running a bank."
With limited budgets and few or no technical experts on staff, small businesses generally have weak security. Cyber criminals have taken notice. In 2010, the U.S. Secret Service and Verizon Communications Inc.'s forensic analysis unit, which investigates attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 482, or 63%, were at companies with 100 employees or fewer. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.
Hacking at small businesses "is a prolific problem," says Dean Kinsman, a special agent in the Federal Bureau of Investigation's cyber division, which has more than 400 active investigations into these crimes. "It's going to get much worse before it gets better."
We can protect your business and investments with new free tools available to FDIS Payment Connection Customers like TransArmor.
How is the information protected at the point of capture with First Data® TransArmorSM?
– Data is protected at the point of capture using industry standard public private key encryption methodologies.
• Data is automatically protected using built-in public encryption key technology in First Data’s hardware devices.
• The private key used to decrypt the card information in First Data’s authorization switch is tightly controlled within First Data. Public keys are only used to encrypt card data prior to transmission and cannot be used to decrypt that information.
• Private keys are used for decryption and will not be provided to anyone outside of First Data. First Data will own the public private key pairs for this service.
How do merchants handle returns with First Data TransArmorTM?
– Processing returns with First Data TransArmorTM will follow the same procedures that a merchant uses today to process a return. In most instances, the card will simply be swiped through or key entered into the POS device. The data will be immediately encrypted until it is sent to First Data for processing. When it is sent to First Data, it will be decrypted and tokenized. The token will be delivered to the merchant and the financial transaction will be processed through the First Data system.
Will there be any changes to the PAN/cardholder detail in ClientLine?
– At this time there are no changes to the PAN visibility in ClientLine, the users default to seeing the cardholder number masked in all placed EXCEPT the lowest level of detail where the full 16-digit PAN is available.