Small Businesses are Still Complacent About Fraud Risk

“Complacency remains one of the most dangerous behaviors among small business owners. And this makes businesses vulnerable to online fraud and other hacking activities.”

That’s the word from Small Business Trends, which cites a report from Emailage revealing that 48% of small businesses in the US and Canada believe they’re not a big enough target for online fraud.

But recent statistics negate this belief. In fact, small businesses in the US reported losing an average of $28,313.33 to online fraud in the last year.

Surprisingly, small businesses remain unconcerned about attacks by cybercriminals. And this mindset means businesses will continue to suffer more losses.

“This research shows a lack of concern among many SMB owners when it comes to fraud prevention. These businesses work with considerably smaller profit margins. Therefore, losing even a fraction of their revenue could have major repercussions for their businesses, impacting long-term growth and business development.”

~ Emailage CEO Rei Carvalho, via Small Business Trends

Retailers are Among Lowest Ranked Industries Where Security is Concerned

According to a survey by risk management firm SecurityScorecard, retail is among the lowest-ranked industries in terms of its security stance.

“To remain competitive, retailers are adopting new payment and digital technologies, exposing them as prime targets for cybercriminals.”

~ Fouad Khalil, head of compliance at SecurityScorecard

Although the Payment Card Industry Data Security Standard (PCI DSS) was established in 2004, many retailers are largely ignoring it. Astonishingly, over 90% of retail domains analyzed indicated noncompliance with the standard. That’s a mistake, because retailers found in violation of PCI DSS face stiff financial penalties.

“As organizations assess their compliance with PCI DSS, they must be able to detect, remediate and recover from any threats or vulnerabilities adding risk to unauthorized access to CDE.”

~ Fouad Khalil

Another problem in the retail sector is that convenience and the user experience are trumping security. Retailers are so focused on how technology creates business value that security is oftentimes an afterthought, suggests Ron Schlecht, a managing partner at cybersecurity consulting firm BTB Security.

In today’s competitive sales landscape, retailers give priority to what users want. That means front-end ease of transaction wins over back-end retail security because merchants are resistant to security measures that interfere with making a sale.

“Data protection needs to be top of mind no matter the size of the community or agency.”

~ Jim Varner, CEO and president of SecurityFirst

Historically, retailers have exhibited little awareness of security even though there have been many high-profile breaches throughout the years that have impacted major merchants.

Social engineering scams that target retailers are on the rise, and the retail industry again ranks among the last in security against such threats.

“The way we shop has changed drastically in the last few years. Retail is traditionally a low-tech business. The new technology brings new security challenges, and these ‘digital shoplifters’ can’t be simply scared away using security sensors. The current way of life requires a different security approach that can protect your assets from cyberthreats.”

~ Migo Kedem, senior director of product at SentinelOne.

As an IT security specialist working for a large grocery chain, Scott Swenka believes a lack of security-minded leadership is causing the industry to fall behind others when it comes to risk management.

What Can Be Done?

Information found on Security Intelligence indicates that although PCI doesn’t seem to have improved security in retail, point-of-sale regulations have the potential to make a positive difference in the future.

“Regulation will force the necessary cultural shift in how retailers approach security,” predicted Jim Barkdoll, CEO at security vendor TITUS. “Even those that have had a breach tend to relax their focus on security practices after the public attention around their breach wanes, driving long-term security investments lower on their list of priorities. Regulation changes that and will force a continued and consistent adherence to security policies and practices.”

Retail organizations need to practice secure development and operations as well as monitor emerging threats in the digital environment. Retail apps should also be designed with security built in from the beginning of the development process, enabling retail systems to become more secure from the ground up.

Data needs to be encrypted during system communication and storage, and apps should incorporate authentication between the app and its servers. Customer authentication via one-time passwords (OTP) and biometrics would add another level of security as well.

Small Business Trends indicates that among companies using tools to prevent online fraud, an email verification solution was the number one choice for close to 40%. Other solutions include third-party payment processors, IP address trackers, banning fraudulent accounts, and daily reconciliation of accounts.

Emailage recommends that “SMBs find a reliable fraud prevention provider offering a collaborative approach to your niche requirements, a network of expertise and insight, and a sophisticated multilayered approach.”

As mentioned previously, 48% of small business owners claim their companies remain too small to be affected.

According to Emailage, “This false sense of security costs small businesses tens of thousands of dollars due to fraud.”

For small businesses not capable of circumventing, containing, and reconciling fraudulent attacks, the damages can be disastrous:

“These damages go beyond financial loss. Businesses will take a hit to their reputation and brand, which is of great concern for small businesses.” ~ Small Business Trends

Like many industries, retail organizations prioritize innovation and customer retention before security, warns Security Intelligence. The company goes on to say, “As consumers become more concerned about their own digital security and privacy, retailers must invest in new security technologies and practices and lean on industry experts to help build secure systems.”

Sherene Funk is the author of the contemporary romance Autumn in Your Arms and two small business e-books. She is a voracious reader who owns more books than she can ever read in this lifetime. A graduate of Brigham Young University, she worked in advertising for many years before moving to her current writing position at Rain Retail Software. She researches non-stop to see what successful retailers do and loves to share what she learns with small business owners.