Which Retailers Are Most Vulnerable to Data Breaches?
What Are Data Breaches?
A data breach is an incident in which confidential information — credit card numbers, Social Security numbers, addresses, etc. — falls into the hands of people who are not authorized to have it.
Often, this happens when criminals breach your network by hacking your software or POS system, but that's not the only way a data breach happens. In fact, the following scenarios are all considered data breaches:
- Theft of laptops, computers, and mobile phones that contain customer data.
- Theft of POS devices (iPads or cash registers).
- Network hacks carried out by cyber criminals.
- Theft by POS skimmers (devices attached to your card readers used to steal data as your customers swipe their cards).
- Hacks into email, cloud, or online sales accounts that store business records.
- Improper employee access of sensitive customer information.
We'll go over these threats in more detail in the section, "How Do Data Breaches Happen to Retailers?" For now, let's just take one as an example: laptop theft.
Many small-business owners don't realize that a stolen laptop could actually count as a data breach. Remember that as a storeowner you have to protect your customers' data, not just their credit card info. Your laptop's hard drive might contain customer records, mailing lists, and other protected data.
If that's the case, you may be legally obligated to inform customers their data has been compromised. You weren't "hacked," and the thief may have no intention of committing fraud, but your customers' data is now in someone else's hands and you may have to report the breach.
Why Data Breaches Are More than Just Stolen Data
When we talk about data breaches, we're really talking about fraud. Criminals steal data in order to commit fraud against your customers. By stealing addresses, credit card info, or other data, criminals could…
- Commit identity theft against your customers.
- Make purchases under a customer's name.
- Apply for loans.
- Steal money directly from your customers' bank accounts.
Fraud: (noun) a deliberate deception, perpetrated for unlawful profit or gain
Say your company is hacked and you lose credit card records for 100 customers. Compared with the mega-breaches you read about in the news, this breach is tiny. Cyber criminals may end up only using a few of those customers' credit cards illegally. But even for a small attack with minimal financial loss to your customers, your store will rack up data breach expenses. You might have to pay for…
- IT experts to look over your payment system, find out how it got hacked, and fix it.
- A year of credit monitoring for all 100 customers (even if only one or two were victims of identity theft — after all, some damage could happen down the road).
- Notification of all affected customers and resources for handling their complaints.
In addition to the time, expense, and headache that come with a data breach, you'll also have to deal with the reality that your business just suffered a devastating blow to its reputation.
When you look at a data breach this way, it's easy to see why it has little to do with data — it's the cost that comes along with breaches that make them so harmful to retailers.
Next: What Is a Hacker?