
Cyber Security Risk Management 101 (Part 1)

Understand your responsibilities, take steps to thwart hackers

ARDMORE, Pa. — The use of credit and debit cards is at an all-time high, but the risk of fraud and financial loss doesn’t end there, making it extremely important to protect your drycleaning business’ data and information.

The most valuable assets of every business now involve some form of Internet connection and data storage: customer lists, books, records, receipts, tax documents, intellectual property and trade secrets. We correspond through e-mail, transfer information through the Internet, and hold webinars and training and business meetings online. Many businesses are even completely paperless.

PROTECTION BASICS

More and more responsibility for the protection of this personal data continues to fall on businesses. Any drycleaning business that takes names, Social Security numbers, and other sensitive customer information is required by law to take all the necessary steps to protect this data from loss and theft. In fact, it is the drycleaning operation’s obligation to protect the data and the financial information of its customers, suppliers and employees.

To the uninitiated, the greatest risk might seem to lie with high-profile and high-risk businesses. But it is small- to medium-sized businesses that are increasingly finding themselves at risk. According to a recent study by the U.S. Secret Service and Verizon Communications, more than 72% of all data breaches occurred in small- or medium-sized businesses.

CREDIT CARDS

When a brick-and-mortar merchant physically accepts a credit card for an authorized charge, they will get paid so long as the business has conformed to the regulations—even if a stolen credit card is used. In general, when it comes to who is liable to pay for credit card fraud, the card association typically picks up the costs.

Naturally, any business accepting the card will still have some associated costs, such as the cost of processing the order, expended supplies or services, handling the charge-back, etc. It is a similar story in the card-not-presented world, except that the merchant is typically the one paying for the fraud. The merchant has also lost the services performed and all of the overhead costs spent on the order and, in many cases, will have to pay a charge-back fee.

Although liability may or may not be limited, there are severe penalties for losing credit card data. Many merchant service agreements make the drycleaning business responsible for the expenses of forensic investigations, credit card re-issuance costs and the fraud conducted on the stolen cards.

THE PROBLEM TIMES 10

So-called “cyber hacking” is big business, and no one—not individuals, not small businesses, not large corporations—is safe. All of a drycleaning operation’s data, including the names of customers, their contact information and the Social Security numbers of employees, is valuable information to a cyber-hacker.

In the United States, most states have breach notification laws, and other countries are following suit. Written notification must be sent to those individuals who have been affected. Even where such laws are not in place, a reputable drycleaning business should provide breach notification.

Social media sites expose information at light speed with little control. A business site as well as an employee’s activity on social media sites can trigger liability, especially if the business is responsible for the sites. Defamatory statements, leaked information and copyright infringement are all growing concerns.

It is becoming more and more likely that a drycleaning business’ reputation will suffer from a cyber security breach. Losing the trust of customers can be much more damaging than the financial loss of repairing the effects of any breach.

Making matters worse, a drycleaning business may be held liable for the loss of third-party data. If there is a data breach, the operation could find itself facing expensive damage claims.

In our conclusion on Thursday: Do-it-yourself risk management, insurance to the rescue, and hacking threats!

Information in this article is provided for educational and reference purposes only. It is not intended to provide specific advice or individual recommendations. Consult an attorney or insurance agent for advice regarding your particular situation.


(Photo: © iStockphoto/leszekglasner)

Have a question or comment? E-mail our editor Dave Davis at [email protected].