CHICAGO -- Keeping small merchants safe from data breaches doesn't have to break the bank.
"It's a misconception that it has to cost a lot of money," ControlScan's Chris Bucolo said here yesterday at Midwest Acquirers Association 11th Annual Conference. "Most attacks are not that sophisticated, and so they're not hard to block."
Simply changing passwords can foil cyber thieves who cruise the internet trying to guess what words will give them access to sensitive data, Bucolo notes, adding that a regional retailer with 20 stores and a single password can provide a bonanza for thieves.
Instituting security measures in stages spreads the cost and eases the pain for merchants, he suggests.
"It has to be something that they can swallow economically," Bucolo says. "You have to win their confidence first."
Merchants can save money by dividing employees into categories based on how much they need to know about security and providing only as much training as necessary.
For $60 to $70 a month, merchants can have a managed network firewall that greatly reduces the chance of a breach, he says.
Besides firewalls on the main system, defenses should include firewalls on remote devices, Bucolo advises.
Avoid using point of sale systems to browse the internet, he warns retailers.
Ensure that all third-party service providers are observing best practices, he says.
And independent sales organizations and sales agents can help by making sure clients comply with Payment Card Industry data security standards, Bucolo maintains.
ISOs find that incentives can help persuade merchants to comply with PCI standards and that disincentives, such as fees, can discourage them from failing to comply, he says.
Types of merchants at high risk for breaches include hospitality, retail chains, pizza parlors, Mexican restaurants and universities, Bucolo notes.
Medical-services providers are emerging as a medium risk, he says.
Focusing first on high-risk merchants makes sense, Bucolo suggests. The most valuable merchants often have the most complexity, including multiple locations, e-commerce operations, web applications they've developed in-house and an inclination to do their own hosting, he continues.
Meanwhile, some security problems are becoming more severe. Some merchants, for example, are becoming less likely to use tokenization because they suspect EMV will rescue them from breaches, Bucolo says.