Simple Questions to Assess Your Security Risk
You work hard year after year to maintain a pristine business reputation. Trust and reliability are cornerstones of your relationship with your customers. You realize that without them, you won’t be in business for very long. Then one day, the unthinkable happens. Some cybercriminal from who-knows-where detects a vulnerability in your environment, and in the blink of an eye, you’ve suffered a data breach. Now what happens?
It is a story we hear all too often, and the ending is not always happy. Sometimes trust and reliability fly right out the window along with customers’ personal information. Other times, hard-earned business reputations suddenly become woefully marred – taking years of concentrated effort to restore.
The Threats are Real
According to an article last month in TechRepublic, more than 3,800 data breaches have hit organizations so far in 2019. This is an increase of 54% over the last four years. Another unsettling trend is that small businesses continue to be primary targets – currently experiencing 43% of all cyberattacks.
While these stats are alarming, there are steps you can take to better protect your business and your reputation from harm – starting with understanding just how vulnerable you are to a cyberattack.
How Vulnerable is Your Business?
The last couple of posts have centered on evaluating the health of your merchant services program from the perspective of payment processing costs and payment service and support. Today, we’ll focus on security and risk.
The following questions will help you determine the level of risk in your payment environment.
1. Do you have a risk management strategy?
Having a risk management strategy simply means that you have developed a structured approach to identifying, assessing, and managing risk, particularly risk associated with chargebacks and fraudulent activity. For whatever reason, many processors neglect to even discuss the subject of chargebacks with their merchant customers. But your chargebacks can be quite costly to you if your payment processor doesn’t provide timely notification and support for resolution.
Questions you should ask your payment processor:
- What tools are engaged to mitigate chargeback risk?
- What is the process for notifying your merchants and helping them resolve chargeback issues?
- What kind of monitoring is in place to detect questionable payment activity?
Your payment processor should be addressing all payment related risk with you on a regular basis. If that’s not happening, you may want to consider a more discerning payment processing partner.
2. Are you PCI compliant?
People tend to yawn at this question but compliance with the data security standards established by the credit card companies is always a good idea. It enables you to safely accept electronic payments while staying a step ahead of the progressive tactics and ever-growing threats from cybercriminals. According to the 2018 Verizon Payment Security Report, the percentage of PCI compliant organizations is actually on the decline. In fact, slightly less than 40% of organizations in the Americas are fully compliant with this standard.
This is rather alarming because not only is PCI compliance a critical first step to data security but there are serious financial ramifications for organizations that are not compliant. Often a monthly non-compliance fee is assessed by payment processors and hefty penalties may also apply should a breach happen. These fines are much greater and can potentially reach millions of dollars depending on the specific circumstances. Moreover, non-compliant merchants are fully responsible for notifying customers, paying for card re-issuance, and funding credit monitoring for those affected by the breach. Considering all of that, non-compliance makes zero financial sense.
Questions you should ask your payment processor:
- How do you assist your merchants with becoming PCI compliant?
- Do you notify me when it’s time to renew and help me with the renewal?
- Are you monitoring my environment?
3. Do you have breach protection today?
Even though you do all the right things to protect your business, the truth is, it’s not entirely impenetrable. If you accept electronic payments, your customers’ data is a highly valued target for cyber thieves, and they will continue to look for ways to get at it.
Just like with your home. Locking your doors, turning on lights when you leave, and even installing a security system may significantly reduce the likelihood of a burglary but it does not eliminate the risk completely. Although, if a break-in does occur and you lose some valuable possessions, homeowners insurance comes in quite handy.
The same thing applies to your business. While you hope you never need it, having breach protection insurance provides you with a safety net. It typically costs only a few dollars a month for a $100,000 policy – money well spent should the unthinkable occur.
Questions you should ask your payment processor:
- Do you offer breach protection to your merchants?
- How much is the monthly cost?
- What does it cover?
What Your Answers Mean
If you’ve answered “no” or “I don’t know” to questions 1, 2 or 3, you are very likely operating in high-risk environment. My recommendation is to pick up the phone, call your payment provider and ask the payment processor questions noted above. If you get a “no” or “we don’t do that” to any of those questions, it’s time for a new partner.
Remember, a vulnerable payment environment is where trust and reliability go to retire. Don’t take risks with your customers, your reputation, or your business. Take charge of your security because no one will do it for you.
