Big companies and big government get big press when their data is breached. And when a big company is hit, those whose accounts have been compromised are often notified. With smaller businesses, however, victims are often left in the dark, regardless of the various state laws requiring notification.
One reason for this is that smaller businesses tend not to keep customer names and contact information on file, and credit card companies discourage them from recording credit card data.
This is serious cause for concern. The Wall Street Journal reports that the majority of breaches impact small businesses:
“With limited budgets and few or no technical experts on staff, small businesses generally have weak security. Cyber criminals have taken notice. In 2010, the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit, which investigates attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 482, or 63%, were at companies with 100 employees or fewer. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.”
If 95% of breaches affect small companies, it’s anyone’s guess how many times my or your credit card numbers have been compromised. I’ve received four new cards in the past three years as a result of major companies being breached. But I use credit cards at more than a hundred different retailers in a year. And it isn’t only credit card numbers that are stolen, but also usernames and passwords, Social Security numbers, email addresses, and more.
Check your credit card statements online weekly and refute any unauthorized charges. As long as you dispute charges within 60 days, federal laws limit your liability to $50. Unauthorized debit card charges must be reported within two days, or liability jumps to $500.
Change up your passwords at least once every six months. If a business is hacked, they may not know for years, and can’t possibly notify you until it’s much too late.