Death by 1,000 breaches: SMBs, customers desperate for adequate security tools

Summary:While high-profile incidents at Target and Neiman Marcus generate the most headlines and anxiety, small businesses and their customers remain the most vulnerable to security breaches – and also the most underserved.

Payment-processors-ISOs-customer-data-security-technologies-for-SMBs

Only 44 percent of banks, payment processors and merchant service providers are currently offering state-of-the-art security tools and services to small businesses despite the virtual pandemic of data breaches afflicting consumers worldwide, according to a new survey from payment security and compliance solutions provider ControlScan and the Merchants Acquirers' Committee.

Among the MSPs, ISOs and acquirers that are providing additional security solutions to small businesses, basic security technologies such as tokenization and point-to-point encryption are the most common additional solutions offered.

"The latest acquirer survey reveals great opportunities for MSPs, including the ability to offer merchants risk-reducing tools as well as justification for being more aggressive in charging non-compliance fees," Susan Matt, CEO of payments consulting firm ThoughtKey, said in the report. "MSPs who seize these opportunities will achieve greater risk reduction overall, gain revenue and ensure merchant retention."

More often than not, small and midsize businesses are merely provided access to the Payment Card Industry-required self-assessment questionnaire and some limited external vulnerability scanning tools.

In other words, it's often way too little and way too late.

Network security software provider Fortinet last month issued an equally sobering research report that found that among 100 SMBs with less than 1,000 employees, 22 percent were not in compliance with PCI DSS and another 14 percent didn't know if they were compliant or not.

Meanwhile, millions of holiday shoppers are still receiving new debit and credit cards in the wake of organized attacks on customer data at leading retailers including Target, Neiman Marcus and Michaels Stores.

"Today’s threat environment challenges merchant service providers to take a fresh look at their PCI programs," said Heather Foster, vice president of marketing, ControlScan. "Small merchants in particular need guidance in terms of readily-available technologies and services that reduce PCI scope and support a strong security posture."

But for most small and midsize businesses, their inability to effectively respond to or protect against cyberattacks is primarily the result of limited IT budgets .

The survey did find that MSPs are seeing improvement in small-merchant PCI compliance validation – respondents said their portfolio compliance rates are now above 40 percent – but that has also coincided with a 23 percent spike in breach incidents within their merchant networks.

Topics: Security, E-Commerce, Privacy

About

Larry Barrett is a freelance journalist and blogger who has covered the information technology and business sectors for more than 15 years. Most recently, he served as the online news editor for 1105 Media's Office Technology Group and as the online managing editor for SourceMedia's Investment Advisory Group publications Financial Pl... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.