According to a new report, 85 per cent of all credit and debit card breaches were attributed to small and medium sized businesses.
Payment processor firm Worldplay have released their fourth annual payment security report which reveals that SMEs lack the necessary security requirements to stay protected against card fraud.
In the report Worldpay define a small business as a company who process less than 20,000 transactions per year, per card scheme. The report found that in 2014, 85.7 per cent of all breaches involved small businesses and only a very small percentage accounting for large businesses.
There were over 15 causes for card fraud last year, with footwear and clothing being the most affected sector, overtaking the pharmacy and beauty industry. The two highest causes of card fraud last year were SQL injection and malicious web shells.
An SQL injection is where a hacker creates error messages on the search box in your company’s website. The information in these error messages can enable hackers to start piecing together how an SQL database is configured, allowing them to ask more directed queries to extract card data from the website.
Malicious web shells are when a hacker exploits vulnerabilities in a website to insert a piece of ‘PHP’ code unnoticed. The malicious web shell then harvests card data and transmits it to the hacker.
‘‘The UK’s largest companies have made great strides to improve their payment security but small businesses are still falling behind and being targeted as a result. Businesses of all shapes and sizes should be taking the necessary measures to protect themselves and their customers and employees,’’ said Tim Landsdale, Worldpay’s head of payment security.