E-commerce payment systems accounted for a sizable chunk of credit card fraud instances in 2010, with smaller merchants and retailers representing the biggest targets for criminals intent on stealing debit and credit card information, according to a new report from Trustwave.
The web security firm’s report “Payment Card Trends and Risks for Small Merchants” says that 90 percent of all card-security compromises in e-commerce last year involved Level 4 merchants, which comprise the smallest of the four designations given to retailers by the likes of Visa and MasterCard.
“Taken at face value, this might surprise most readers,” says the report. “Though there are attacks that target large, well-known businesses, many attackers look for vulnerable systems. These attackers are often able to find common and easy-to-exploit vulnerabilities in the systems of Level 4 merchants because small businesses generally have devoted few resources to protecting those vulnerable assets.”
Level 4 retailers typically process fewer than 1 million total payment card transactions each year and fewer than 20,000 e-commerce transactions annually.
Trustwave’s report doesn’t provide any specific guidelines for how retailers can improve their security. However, it does point out numerous failures on the part of smaller merchants to comply with the Payment Card Industry Data Security Standard, the industry’s collection of data security rules.
The report, for example, says that 98 percent of small merchants both fail to maintain the firewalls that are designed to protect payment information and fail to regularly test how secure their card-protection systems are. Furthermore, 75 percent don’t protect the payment data that they store.
These failures, either on their own or collectively, most certainly heighten the chances that a smaller retailer can be the victim of cyber crime.
Overall, e-commerce payment systems accounted for 9 percent of the total security compromises in 2010. Point-of-sale software used by brick and mortar merchants accounted for 75 percent of the compromises. Employee workstations (11 percent) and ATMs (2 percent) were also part of the equation.
The lesson is quite clear, though. Smaller and mid-sized retailers must devote as much time and resources to payment system security as the big boys. Consumers these days are more often than not looking for the best price available and will consider both large and small merchants as they do their research, without knowing that the security protocols in place often differ between the two.