David Jeffrey, Product Director, Fraud and Security at Barclaycard gives some important advice to SMEs looking to stay safe online.
Protecting against cyber attacks and fraud is vital for each and every small business. Research from Barclaycard found that just one in eight (13 per cent) are confident that they understand enough about cybercrime to protect their business.
Consequently, many small enterprises might be leaving themselves vulnerable to attack. In fact, research by Barclaycard conducted in 2016 found that almost half (48 per cent) have been hit by cybercrime, with 10 per cent suffering repeated attacks. The data breaches that result can, in turn, also leave a business open to fraud as hackers often use stolen data to make payments. To help them protect their brand with confidence, we’ve drawn on our experience of working with SMEs to identify four top tips for staying safe in the digital sphere.
Meet the basic guidelines
Meeting the mandatory Payment Card Industry Data Security Standards (PCI DSS) guidelines is the most straightforward way a business can protect itself from a cyber-attack. These are a set of best practice requirements for storing, processing and transmitting cardholder data which aim to provide a minimum level of security to any business handling card payments. They apply to both manual and electronic transactions, and help to ensure customers’ payment data stays protected and secure.
Meeting the PCI DSS requirements is not an onerous task – and each business can ask their payment provider to guide them through the process. Ignoring these guidelines can not only put businesses at risk, it can leave SMEs liable to fines – so it makes good sense to invest time in getting this right from the outset.
Keep up to date
Hackers are always evolving their techniques, and so to stay one step ahead, businesses should make sure that their cybersecurity systems and technology stay up-to-date. From a card acceptance perspective, most of the breaches we see are the result of SMEs failing to apply updates to their computer programs as soon as they are released.
These updates, or patches, work by fixing identified weaknesses that could be exploited by hackers, and protect SMEs from common methods of attack. These include ‘Structured Query Language’ (SQL) injections, or inserting lines of computer code to access databases and gather user information. To bolster their defences, we recommend that businesses use the latest security software available and continually install the relevant patches. The updates are free and as simple as clicking a button.
Don’t try and go it alone
Seeking advice from industry experts is crucial. More than one in ten small businesses (12 per cent) think it’s their payment provider’s responsibility to protect them from an attack – so choosing the right partner is key.
SMEs should always get professional support, rather than trying to tackle security and fraud issues alone – doing so leaves them more susceptible to cybercrime. While bespoke services are available, the costly premiums involved aren’t always worthwhile. Instead, consider choosing a partner that has standardised products and services that can be scaled up or down to suit the size of the business, at a realistic cost.
Strike the right balance
Even if a SME does not suffer a cyberattack, hackers may try to use stolen data on their website – potentially generating substantial losses. That’s why it’s important to strike the right balance between monitoring for suspicious activity and responding to consumer demands for instant payments which will help ensure a seamless customer experience.
While this may seem like a challenge, working with a payment provider can help to lessen the load. They can not only help businesses spot some common red flags, such as purchases where the delivery location is different to the cardholder’s address or abnormally high value transactions, but also suggest other fraud screening rules specific to each business based on patterns in their transaction data. By including the most appropriate set of rules, SMEs can keep bad transactions out and minimise declines on genuine purchases. This will allow businesses to maintain strong defences while boosting their bottom line.
The world of cybersecurity and fraud prevention can seem complicated, but putting the right measures in place needn’t be daunting. By weaving these steps into their everyday activity, small businesses can ensure that they and their customers are well protected.