Since late 2009, law enforcement officials have been seeing an increase in attacks by fraudsters attempting to target the transaction data of small to midsize companies, stealing everything from business account numbers to customers' credit card information. John Bonora, vice president and compliance officer at Fairfield County Bank in Ridgefield, Conn., works with his customers to employ better safety precautions. In addition to concerns about financial losses, Bonora says, companies should be concerned about potential liability for breaches of customers' data.
"At a minimum, you need to know the basics about your state's laws and what the security expectations are," he says. "What a lot of states are doing now is building laws about safeguarding customer information and including the business' civil liability right in the law."
To keep your company safe, follow the guidelines below. Most important, review your financial data at least two or three times each week to look for suspicious activity. Fraudsters move quickly, Bonora says, and the faster you can spot potential fraud, the better chance you have to mitigate the damage.
Designate one terminal for financial transactions. Keep it offline when not in use and do not use it for e-mail correspondence, which is a popular tool of scammers attempting to plant information-stealing malware on your terminal. Secure your terminal with a password when it's not in use.
Turn to your bank for assistance. Many banks have compliance teams that can help you develop a system of transaction security to safeguard your business.
Don't rely only on virus protection programs. They simply can't keep up with new viruses and malware, Bonora says. However, your programs should be kept as up-to-date as possible for the protections they do offer.
Don't ignore the importance of employing PCI Data Security Standards, a series of universal financial best practices that will help you keep your transaction data safe. A good overview is available at pcisecuritystandards.org.