Robert Siciliano Identity Theft Speaker
Payment processor data breaches have dominated the news. A recent study says that may change.
Study says small to medium businesses are the criminal hackers new target. This should come as no surprise as large enterprise networks have become hardened.
Over the past few years criminal hackers have acted as hornets attacking an unassuming passerby and swarming enterprise networks. Big business in response has allocated billions in funding for technology and talent to thwart their sting.
Now in 2009 enterprise defense is the best its ever been, still lax, but in the game, the past of least resistance has become SMB’s. Your moms and pops simply don’t have the resources including deep pockets to keep up.
Studies by the International Council for Small Business show one fifth of small businesses aren’t equipped with such basics as McAfee antivirus software. Further as much as 60% don’t even have wireless encryption activated. What is most disturbing, but not surprising to this security analyst is they learned two thirds don’t have a security plan in place.
These same SMB’s when polled overwhelming have it in their heads that it’s big business that’s to worry, that they aren’t the targets. However this same study shows that 85% of fraud related to criminal hacks occurs within this exact targeted group.
The National Retail Federation stated Level 3 businesses are only 60% compliant and Level 4’s are even less than secure.
PCI Compliance, a Visa based organization regulating merchants, whose goal is compliance to prevent credit card fraud, recognizes retailers at different levels. Level 1 processing 6,000,000 Visa transactions per year, Level 2 – 1,000,000 to 6,000,000, Level 3 – 20,000 to 1,000,000, and Level 4 – fewer than 20,000.
Many security issues stem from the SMB’s lack of resources coupled with their shift to online transactions and the merchants handling and storing of their own data.
The responsibility some say should be shifted back to the banks to handle these transactions.
One additional recommendation for these Level 3 and 4’s is to adopt a strategy where in many cases the merchant never handles the credit data at all. The merchant would have an online presence and while the process includes the merchants shopping cart, the credit card transaction is diverted to the bank server never touching the merchant.
I’m one of those Level 4 merchants and participate in this same strategy. All orders are taken online and nobody handles client credit card data. PCI compliance was and is a breeze. No hiccups.
While this is practical for some, it’s just not so for others which means those same SMB’s need to get their act together NOW, because criminal hackers are watching.
Identity Theft Speaker Robert Siciliano discussing data breach Here
I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.