Although an overwhelming majority of small and mid-sized companies (86 percent) care about keeping customer credit card information secure, nearly two-thirds of them (60 percent) are clueless about their liability when customer data goes missing, according to a recent research study. Equally alarming, even more of them (64 percent) believe that their business is not at risk.
The survey showed that there’s significant confusion among retailers about the liability costs in the event of a data security breach . More than 60 percent of smaller merchants don't realize that credit card companies are authorized to fine their business a per-card fee for every card that has to be cancelled if it is determined that their company is the source of the data breach.
According to another study, the average costs for merchants coping with data breaches in 2009 rose to $6.7 million, with a cost per customer record data breach estimated at $204.
The retailers surveyed by the National Retail Federation and First Data, an electronic payments processer, were not much better prepared when it comes to taking precautionary measures. While two-thirds (66 percent) of them claimed to be aware of the Payment Card Industry Data Security Standard (PCI DSS), only about half (49 percent) had completed a self-assessment at the time of the survey.
Among those who had heard of PCI DSS, 42 percent didn’t know that merchants are obligated to conduct the self-assessment annually and 41 percent hadn’t heard of the recent change in the regulations.
More than 4 percent of the companies surveyed said they had been a victim of one of the types of fraud listed in the survey, which included physical theft or tampering with terminals, computer viruses and employee theft or misuse of credit card data. Although the percentage is low, it equates to a potential one million small businesses being affected. According the figures from the federal government, there are approximately 24.6 million small businesses currently operating in the U.S.
“The finding we found most intriguing was the confusion around the potential liabilities in the event of a data breach,” said First Data’s Mark Herrington. “We’re confident that continued education in the payments industry will raise awareness of the importance of annual self-assessments and the right mix of data security and fraud prevention tools.”
- Small Business Need to Practice Safe Tech Habits
- Small Business Owners Donât See Themselves as Cybercrime Targets
- Q&A: How to Cut Your Company’s Credit Card Fees
Reach BusinessNewsDaily senior writer Ned Smith at firstname.lastname@example.org. Follow him on Twitter @nedbsmith.