Fear Not the Mega-Breach (it’s the little ones that’ll get you)

John Gunn, October 15, 2014

A few years ago, the words hacking and breach weren’t used often in everyday conversation, and the victims were someone other than you. Following massive data breaches at Target, Home Depot, Neiman Marcus, Jimmy John’s and others, a majority of Americans have been impacted by hackers stealing credit card numbers.

It may sound counter-intuitive, but this is not your biggest risk. I made regular purchases at three out of the four above merchants and I know my credit card numbers were compromised. So, I got new cards, changed my passwords and watched my bank statements like a hawk – my guard was up and I was ready for battle.

But what about the breaches that don’t make the news? Don’t think there aren’t breaches at the small chains and independent restaurants where you use your credit and debit cards. This is where the real risk lies and here’s why:

  • Smaller shops simply can’t make the investment in security that the big retailers can. They often don’t have the money, time or people needed to implement the security measures necessary to keep their data protected. Hackers can consolidate stolen credit cards and sell them in secondary markets called the darknet.
  • Hackers don’t attack only big stores, but those are the only ones that make the news. Smaller shops are beneath the radar and they often don’t report hacks so you’d never know your credit card was taken by hackers. And let’s face it. A hack at your neighborhood store is certainly not going to make the news.
  • Enforcement of breach notification laws for small business is lacking, and even PCI compliance requirements are weak. According to the Ponemon Institute, 55 percent of small businesses in the United States have had a data breach, but only 33 percent of them notified the people affected, even though 46 states require some form of notification.
  • Since you’re not watching your statements or requesting a new card, it is much easier to miss fraudulent charges on your bank statements, and that’s where you lose.

So, the next time you frequent your favorite neighborhood shop, understand that what you don’t know can hurt you. Just because it’s not on the news doesn’t mean it doesn’t happen, and it’s a false sense of security to think that small businesses are a less appealing target for hackers.

As a consumer and a foodie, I love to frequent local Chicagoland businesses as much as I can, and I still plan to, but now I’m going out with a little more vigilance.

John Gunn is OneSpan’s CMO and brings two decades of leadership experience in the IT security and software segments. Before joining OneSpan, John led the Security Solutions Group at Harland Clarke where he launched a popular SaaS consumer identity protection and anti-fraud solution.