Small companies are being warned of ‘unprecedented levels of attempted fraud’ at the present time.
Data from payment processing company Worldpay suggests instances of fraud could rocket by as much as 80 per cent in February as hackers start to capitalise on customer data harvested during a hectic Christmas shopping period.
Tim Lansdale, head of payment security at Worldpay says, ‘We see a dip in fraud around Christmas as hackers go on the hunt for information, using the online sales rush to stockpile thousands of customer card details.
‘It isn’t until February that they start cashing in on all the data they’ve collected. Other breaches can last much longer; attackers might decide to keep returning to their targets, sometimes for years.’
During 2011-2014, the average data breach exposed 284 days of card payments. Worldpay’s analysis shows breaches lasting from 11 days at the lowest end of the scale, to 1,723 days at the other extreme.
The company says small businesses are by far the biggest target for hackers, accounting for 85.7 per cent of UK data breaches. Virtually all data breaches (99.3 per cent) happened online, rather than at the point of sale, as the UK’s e-commerce market continues to boom.
In 2014, businesses in the entertainment, hobby and leisure industries accounted for 23.3 per cent of all card data breaches, followed by clothing and footwear stores (16.3 per cent) and jewellery, beauty and gifts (11.6 per cent).
Businesses in the entertainment industry, particularly online ticket booking systems, tend to make easy prey for hackers due to the high number of credit and debit card transactions they process online each day.
The clean-up costs of being targeted can run to tens of thousands of pounds, with a standard investigation costing £11,250 on average, and attracting at least a £8,000 penalty, not including the costs of lost goods and damage to reputation.
Lansdale says, ‘Data breaches can be ruinous, so its vital small business owners know the risks and take the necessary measures to protect themselves and their customers and employees.
‘You wouldn’t leave your store unlocked overnight, yet so few businesses are doing enough to protect their online shop fronts and keep hackers at bay.’
Worldpay advises taking measures such as changing all your default passwords, having a third party host your payment page, and testing your firewalls at least every three months,
Securely destroying all card data records when no longer needed, and avoiding storing the three digits ‘CVC’ number on the back of the card, are also measures that should be observed.