E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


RESULTS FROM SMALL BUSINESS DATA SECURITY STUDY: CONFUSION ABOUT LIABILITY

Source: BusinessWire

Posted on January 18, 2011

The National Retail Federation, the world's largest retail trade organization, andÊFirst Data Corporation, a global leader in electronic commerce and payment processing, today released results from a research study of data security and fraud prevention strategies practiced at small to mid-sized retailers. Most of the retailers surveyed had annual sales of less than $100,000. The analysis was revealed during the NRF Big Show 2011.

An overwhelming majority of respondents (86%) stated they care about keeping their customer card information secure and feel payment card data security is important to their business. But almost two-thirds (64%) believe that their business is not vulnerable to credit/debit card data theft and 60% are unaware of the costs they could incur in the event of a breach.

PCI Awareness and Liability

While two-thirds (66%) of respondents to the survey claimed awareness of the Payment Card Industry Data Security Standard (PCI DSS), only 49% of respondents had completed a self-assessment at the time of the survey. Among those who had heard of PCI DSS; however, 42% did not know that merchants are obligated to conduct the self-assessment annually and 41% had not heard of the recent change in regulations.

The survey also showed there appears to be some confusion among retailers regarding the liability costs in the event of a data security breach. More than 60% of these smaller merchants did not realize that credit card companies are authorized to fine their business a per-card fee for every card that has to be canceled if it is determined that they are the source of a data breach. According to theÊ2009 U.S. Cost of a Data Breach StudyÊby the Ponemon Institute, the average cost for merchants coping with a data breach in 2009 rose to $6.7 million with the cost per customer record breached estimated at $204.

Data Security and Fraud Prevention Strategies

Most of the specific data security and fraud prevention practices cited in the survey were familiar to the majority of respondents with several of the strategies already integrated into their business operations.

Restricting physical access to cardholder data and using anti-virus software were the two most frequently reported protection methods (76%). Other practices toward the top of the list were restricting access to cardholder data by business need to know (67%); developing and maintaining secure systems and applications (64%); and maintaining a policy that addresses information security (63%). Of those who electronically-store cardholder data, 68% also take steps to protect that data and 53% use encryption technology.

Experience with Fraud and Security Incidents

More than 4% of respondents reported having been a victim of any one type of fraud listed in the survey. Although the percentage appears low, it equates to a potential one million small businesses being impacted. The latest Federal data estimates there are approximately 24.6 million small businesses currently operating in the United States.

Physical theft or tampering with terminals and computer viruses, including malware, were the top two fraud and security incidents experienced by respondents at 37% and 22%, respectively. Employee misuse or theft of card data accounted for another 17% of incidents.

"Our survey results illustrate that smaller retailers take protection of their customers' sensitive payment card data very seriously and continue to add more layers of security to their business operations," said Mark Herrington, senior vice president of Global Product Management and Innovation, First Data. "The finding we found most intriguing was the confusion around the potential liabilities in the event of a data breach. We're confident that continued education in the payments industry will raise awareness of the importance of annual self-assessments and the right mix of data security and fraud prevention tools."

Data from the Small Business Data Security Study was fielded online from Oct. 26 through Nov. 19, 2010. The majority of survey respondents (89%) represented less than $500,000 in payment card sales annually through both card-not-present (CNP) and in-person transactions. A total of 651 small and mid-sized merchants completed the survey.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.