LONDON – 1st February 2015 – Small businesses are being warned to be on their guard in February, with payments expert Worldpay predicting “unprecedented levels of attempted fraud”.
Data from Worldpay, the UK’s leader in payment processing, suggests instances of fraud could rocket by as much as 80% in February as hackers start to capitalise upon customer data harvested during a hectic Christmas shopping period.
Tim Lansdale, Head of Payment Security at Worldpay, said: “We see a dip in fraud around Christmas as hackers go on the hunt for information, using the online sales rush to stockpile thousands of customer card details. It isn’t until February that they start cashing in on all the data they’ve collected. Other breaches can last much longer; attackers might decide to keep returning to their targets, sometimes for years.”
During 2011-2014, the average data breach exposed 284 days of card payments. Worldpay’s analysis showed breaches lasting from 11 days at the lowest end of the scale, to 1,723 days at the other extreme.
Worldpay says small businesses are by far the biggest target for hackers, accounting for 85.7% of UK data breaches. Virtually all data breaches (99.3%) happened online, rather than at the point of sale, as the UK’s e-commerce market continues to boom.
In 2014, businesses in the entertainment, hobby and leisure industries accounted for 23.3% of all card data breaches, followed by clothing and footwear stores (16.3%) and jewellery, beauty and gifts (11.6%). Businesses in the entertainment industry, particularly online ticket booking systems, tend to make easy prey for hackers due to the high number of credit and debit card transactions they process online each day.
The clean-up costs of being targeted can run to tens of thousands of pounds, with a standard investigation costing £11,250 on average, and attracting at least a £8,000 penalty, not including the costs of lost goods and damage to reputation.
“Data breaches can be ruinous, so its vital small business owners know the risks and take the necessary measures to protect themselves and their customers and employees. You wouldn’t leave your store unlocked overnight, yet so few businesses are doing enough to protect their online shop fronts and keep hackers at bay,” said Lansdale.
Small business fraud check-list:
- Have you changed all your default passwords, so they’re harder for someone to guess?
- Is your payment page hosted by a third party? Hosting your own can be less secure.
- Do you test your firewalls at least every three months, or get a security professional to test for you?
- Do you securely destroy all card data records when no longer needed i.e. pulping/shredding/incinerating?
- Are you avoiding storing the three digits ‘CVC’ number on the back of the card?
Notes to editors:
Figures are based on card data breaches which occurred for Worldpay customers between 2011-2014.
For more information please contact:
Sophie Bent, Manager, Golin: T +44 (0) 207 067 0558.
Emily Lahey, Senior Communications Manager, Worldpay: T +44 (0) 203 664 5663.
About the data
Figures quoted are according to data breaches suffered by Worldpay’s SME customers from 2011-2014. In 2013, Worldpay processed 44% of all UK card transactions (based on market data provided by the UK Payments Administration).
Worldpay is one of the world’s leading independent payment processing companies. The Worldpay Group has three operating divisions: ecommerce, Worldpay US and Worldpay UK.
Worldpay UK, the UK’s leading payment processor, helps businesses of all sizes sell more to their customers
– by accepting credit and debit card payments in-store, online, via mail or telephone, and on the move. In 2013 Worldpay handled 44% of all card payments made in Britain.
Across the Worldpay Group, we process over 8.4 billion transactions every year, and our online payment options cater for over 200 payment types in 115 currencies. www.worldpay.com/uk