Small business owners reported $8 billion in fraud losses in 2010, mainly related to hacked credit cards and bank accounts, according to a new study of about 900 small business owners and self-employed individuals by Javelin Strategy & Research, a research firm in Pleasanton, Calif. Of that $8 billion, some $5.43 billion was out-of-pocket expenses incurred due to fraud, including lost business, legal fees, and insurance payouts, Just as a general rule: As the economy drops, the fraud rate increases, and as the economy increases, the fraud rate decreases. So part of the decline is due to increasing sales and GDP in late 2010. Part is unfortunately due to the fact that some small and midsize businesses closed during the economic downturn.
But there's also been improved education about credit-card fraud, and the larger small companies are instituting best practices in line with payment card industry compliance and tighter regulation. There was also a decline in existing card fraud, which small businesses are about 50 percent more likely to suffer than consumers.
The credit-card number seems to be a higher-value target for fraudsters, who may view debit cards as more secure or perhaps inherently more risky to put into play.
There is a substantial gap between reported losses from fraud and the total cost of dealing with a fraud. It seems that cost has never been completely accounted for. It's a huge amount of dollars that's lost by financial institutions, card issuers, merchants, and insurance companies due to a fraud that's perpetrated.
For instance, the state of Texas announced this year that an unencrypted data file containing 3.5 million records was left inadvertently on a publicly accessible server. The records included names, addresses, Social Security numbers, and driver's license numbers as well as dates of birth.
What happens is that scammers put together a very personalized e-mail asking you to confirm a recent purchase or confirm your driver's license number. They want you to click on a harmful link or open an attachment that looks like a Word document but actually puts something on your machine called a key logger, so the next time you type in your bank account and password, they can get that data.
It's very common for friendly fraud to be involved in small and medium-size businesses. You know the people in the company, they know you. Everyone may be working on the same computer system where bank account information is stored right along with marketing and product data. Owners tend do things like give their passwords out to employees who are believed to be trusted old friends.
Every business should do regular, complete antivirus sweeps with updates. Don't just get a free trial of antivirus software and let it lapse. Keeping your antivirus software up to date doesn't stop all the fraud, but it goes a long way toward catching the obvious ones.
Education is also important. I hope financial institutions will work with business owners. Not to turn them into IT people, but just to let them know not to open unknown e-mails or not to click on unknown links to watch a "fun video."
And if you click on an e-mail and you get a warning that says, "Do not open"—don't do it. It sounds crazy, but I know people who think if they've got antivirus software, they can click on anything and they're protected.
Sign up for real-time alerts on all your accounts, including online banking. Bankers and card issuers typically allow a robust set of alerts to let you know immediately if fraud is suspected.
Of course, antivirus software and plug-ins that secure your computers against "man-in-the-browser" attacks, which include those key loggers I mentioned.
No comments:
Post a Comment