Shortly after Target announced that customer data had been stolen from their system last year, my husband received a new credit card in the mail. Accompanying the card was a letter that effectively said, “just in case.” While the credit card company didn’t explicitly mention Target’s security breach, the timing and phrasing of the letter made it clear what prompted them to issue the replacement card. My father’s smaller bank, however, chose not to replace his card until and unless fraudulent charges appeared—which they soon did. It’s impossible to say with one-hundred-percent certainty that the fraudulent charges on my father’s card were due to the Target security breach, but it seems likely. Another time, a swarm of my husband’s coworkers complained of unauthorized charges on their cards. Turns out they’d all swiped at the same coffee shop down the street from their office. The shop owners admitted that, yes, their system had been hacked.
There was a time when these kinds of retail security breaches were surprising, but that’s no longer the case. Data breaches continue to be alarming, yes, but not really surprising. In fact, there’s been a veritable string of breaches lately. Let’s consider some of the retailers who admit to having been compromised in just the last few months. There’s Target Corp, of course, but Neiman Marcus also had a security breach during the holiday shopping season. In January, the craft store Michaels announced that it may have experienced a breach and the Secret Service launched an investigation—though I haven’t yet found a definite answer to whether or not an actual breach occurred; I think the investigation is still underway. A security breach at Sally Beauty is also currently being investigated, as is one at online retailer NoMoreRack.com.
These are just the big names. Security breaches like the one at the coffee shop down the street from my husband’s office rarely make the news, but this particular café was not the first or only small business to ever have been hacked or infected with malware. Nor is the problem exclusive to retailers. Earlier this month, the California Department of Motor Vehicles confirmed that they had been “alerted by law enforcement authorities to a potential security issue within its credit card processing services,” though as of this point the DMV seems to be avoiding any admission of culpability.
In this time of seemingly rampant customer data security breaches, what is a small business owner to do? I don’t have a concrete answer, but I do have some common sense advice.
One: do everything in your power to keep customer data secure by maintaining strict security standards with your POS system.
Two: have a plan in place for how to respond if customer data is compromised—just in case. Neiman Marcus, for example, seems to be handling their data breach with as much class as possible. Here, the company clearly outlines the problem, the steps they are taking to rectify the situation, as well as the actions affected or concerned customers can take. Target has a similar website.
By Alex Mehler
(Editor’s note: Many of our links in this article go to the Krebs On Security website. They do an excellent job of bringing news about security issues to the public. We highly recommend the site.)