Data breaches are increasing at an alarming rate. Almost every kind of business, including finance companies, banking institutions, eCommerce stores and tech giants, has been a victim of cybercrime. A 2016 data breach statistical study reports that “The retail industry accounted for 102 breaches and 16.3 million compromised data records.”
There’s a reason why the eCommerce industry is an easy target for phishers. According to Forrester Research, eCommerce sales are expected to reach $370 billion by 2017, most of which will be powered by mobile and tablet devices. This will induce increased investment in the retail sector in the coming years. And as more retail businesses go online, the likelihood of security incidents increases, because newly set up businesses often do not implement strong security measures to protect themselves against cyber attacks. eCommerce frameworks like WooCommerce and Shopify have their own security measures in place, and Magento 2.0 places great emphasis on security to minimize data breaches.
However, eCommerce businesses must take the risk of a security breach seriously and understand its impact on their business. A security breach can result in the exposure of customers’ personal details and credit card information, leakage of business trade secrets or, in the worst case, bankruptcy. Apart from that, a series of unavoidable and costly actions is triggered as soon as a data breach in your business is detected or reported. Let’s look at each of those actions in detail.
Mandatory forensic examination:
As per the bank or card association norms, a merchant suspected of having suffered a data breach is required to undergo a forensic examination to determine whether a data breach has actually occurred and, if so, to what extent. The merchant needs to hire an outside examiner to investigate the data breach, which may take days, weeks or more. During the investigation, you may have to shut down your POS (Point of Sale) system in order to preserve the evidence for the examination.
Notification of customers:
In case of a data breach where financial information has been compromised, most states require the merchant to notify their customers and, if required, the state attorney general. The process of sending notifications to customers may cost thousands of dollars depending on the number of customers you have. Additionally, you may have to write multiple letters to each customer and mail them to their respective addresses to ensure adequate communication with them.
Credit monitoring for affected customers:
If the data breach has affected any of your customers, you may have to provide them with credit monitoring or counseling services for a year.
PCI compliance fines:
Verizon, in a 2015 report, stated that “Of all the data breaches that our forensics team has investigated over the last 10 years, not a single company has been found to be compliant at the time of the breach.” If the forensic examination finds that your business was non-compliant with the industry regulations at the time of the data breach, the bank or card associations may levy fines against your business, especially if the compromised cards have been used to commit fraud.
Liability for fraud charges:
Most eCommerce merchants are unaware of their liability for the fraudulent use of cards after a data breach has occurred, or assume that they have none. But this isn’t the case. Lawsuits may hold your business liable for the data breach.
Card replacement costs:
You may have to bear the cost of reissuing the debit or credit cards of those customers whose payment details were compromised in the data breach.
Upgrade or replacement of POS system:
If the investigation reveals that your POS has been the source of the data breach, you may have to incur the cost of replacing or upgrading your existing POS system, including software, servers, and card swipe devices.
Reassessment for PCI compliance:
After you replace or upgrade your POS system, an external Qualified Security Assessor (QSA) conducts a thorough PCI assessment in order to qualify your business to accept card payments again.
The impact of a data breach, especially on small businesses, can be very costly and long lasting. Besides the consequences listed above, there can be many more monetary or non-monetary consequences that are even more damaging to your business. Therefore, it is crucial for every eCommerce business to lay down an effective security strategy and keep up with the ever-evolving threat of security breaches.
If you have any thoughts or feedback regarding data breaches affecting eCommerce businesses, feel free to share them with us through the comments.