With more and more pressure on “right-sized” workforces to perform the same (or more) workload, many consumers facing time constraints now find it easier to shop online than visit a traditional brick and mortar store. While the recession is causing year to year traffic decline for many retail stores, other retailers are looking for new ways to improve store traffic and sell goods.

As a result, many small retailers are now opening up online stores to peddle their goods. With large online sites like Amazon and Ebay seeing record sales in a recessionary period, e-commerce sites are becoming a necessity for retailers to stay competitive.

Low Barrier to Entry

While starting a brick and mortar store can cost tens of thousands of dollars, opening an online store can cost as little as $1,000 to $3,000 for a professionally designed e-commerce site. However, remember you will have to effectively market the site to drive a steady stream of potential buyers. Not sure how market your site? Here are two ideas:

• Find local buyers. The easiest way to do this is to set up a geo-targeted online campaign promoting the products you offer through top search engines like Google or Yahoo.
• If your store is located in a high traffic area, simply placing a banner with that includes a sales call to action with your web address highly visible can easily convert into online customers at no additional cost.

If TJ Maxx, Advanced Auto Parts, Dave & Buster’s and Okema Mountain Resorts can experience serious POS credit card data security breaches, you just know that small business operations without an IT staff or a great deal of computer savvy are vulnerable. In fact, that’s the common link between a restaurant/microbrewery in California and a family-owned restaurant in Ohio. Both had credit card customer information exposed, stolen and misused.

These are not isolated cases. Merchants large and small have been victimized, and, in turn, have unintentionally victimized their own customers. And yet, all could have taken steps to protect their customers’ data – and their reputations – with the latest in encrypted swipe technology and other common-sense safeguards to bolster end-to-end security. They would have removed the threat of customer losses and potentially hefty fines for safety non-compliance.

The Scope of the Problem

Credit card compromise occurs when an unauthorized party takes advantage of a flaw in a system that processes, transmits or stores cardholder data. Level 4 merchants – those with the fewest annual credit card transactions – are at the greatest risk of compromise. And more than half of fraud cases involve merchants in the food service industry.

Think of POS data security as a chain link fence. There are multiple areas of vulnerability – an interloper might go over the top, or look for a weak spot, or crawl underneath. A data security compromise is much the same. The crime can occur at any point in the transaction process – from point of service to back-end processor – but 71 percent of the time it takes place at the hardware POS terminal. Right there on the counter of the store or restaurant.

From packet sniffing software to malware on store servers, to crooked employees, there are a whole range of threats to merchant transaction security. The smaller merchant is at enhanced risk because of factors ranging from improper installation or the use of older software to a lack of computer security sophistication. Whatever the cause, the mom-and-pops can be subject to outrageous fines passed down from the card company to processor to retailer.

As an example, the card processor passed its $27,000 fine for the breach at the California restaurant/microbrewery to the merchant – a dollar sum that equaled five days’ sale of food and beer. (Wall Street Journal, 9/22/07 “In Data Leaks, Culprits Often Are Mom, Pop”).

Often, the problem is system installation that disregards Payment Application Data Security Standard (PA-DSS) protocol. The improperly installed software package might be storing track data – a security no-no – that’s later illegally accessed. For instance, the California restaurant/microbrewery was discovered to have inadvertently stored account data on nearly 12,000 customers. That’s not as shocking as it sounds. A recent survey by VISA and the National Federation of Independent Business found that 52 percent of businesses with fewer than 250 employees were storing such sensitive data as credit card customer names, account numbers, expiration dates and security codes.

The Case for Encrypted Swipe

While full Payment Card Industry Data Security Standard compliance is an excellent start, it’s not enough. A lock on the gate does little good if a section of chain link is knocked down a few feet away. The PCI mandates that credit card data must be encrypted when stored or being transmitted, but the information can still sit unencrypted within the merchant’s private network, at the card reader, while awaiting authorization.

With encrypted swipe, the data on the card’s magnetic strip is never available to prying eyes. The user is offered end-to-end protection, from point of swipe to point of acceptance. MagTek, a leading provider of encryption technology, has partnered with Payment Processing, Inc., to offer data encryption in a POS terminal bundle. The result of such seeming redundancy is a system so protected, the cyber-criminal will be more prone to look for easier pickings. Why climb the chain link fence with razor wire at the top when you don’t have to?

Simple Steps to Safety

When used in conjunction with encrypted swipe technology, these steps will help your customers ensure the safest possible POS environment:

• Make sure the POS system is PA-DSS compliant. The Payment Application Data Security Standard is endorsed by the five major payment card brands to ensure that payment applications don’t store sensitive card data and don’t have flaws that draw hacker attacks. Learn more about compliancy at www.pcisecuritystandards.org.
• Make sure the software is installed in a PA-DSS compliant environment
• Select a trusted payment processing partner. The company providing the retailer’s merchant account should be listed as PCI compliant.
• Consider taking the extra precautionary step of signing up with a Qualified Scanning Vendor (QSV). These security experts will analyze your POS system, subjecting it to every feasible attack vector. If the application can be breached, the QSV will breach it. Based on the findings, the QSV will help bring the application compliant with Payment Card Industry Data Security Standards.

Build Your Fence

No system is foolproof, and the most difficult challenges often become the targets of the most determined hackers. But if you can easily and inexpensively install a POS solution that acts as a very high chain link fence – and is installed in collaboration with other security features to protect customer credit cards– only one question remains.

Why wouldn’t you?

If you are trying to get financing because you plan to open a retail store, expect the bankers you approach for loans to ask for a business plan. With the tight credit markets that exist in today’s economic climate, financial institutions are requiring thorough documentation and comprehensive business plans from loan applicants. Here are some key factors lenders consider when trying to determine whether or not to loan to a retail business:

• Do you have good credit and the necessary collateral to qualify for a loan?
• Does your Retail Store have a distinct advantage over competitive stores?
• Do you or your staff have experience managing a successful retail store?
• How much start-up capital will your store need to be successful?

Prospective new store owners increase the likelihood they will get approval for a loan by investing time to develop a well thought out business plan. Your business plan should be easy to read and clearly state a road map for how your new store will be financially successful.