The Rippleshot Data Breach Blog

Data Breach News Headlines Aren't Telling the Whole Story

Written by Kaleigh Simmons | May 26, 2016 4:31:56 PM

It’s easy to get caught up in the headlines, particularly when stories of large-scale breaches of cardholder information seem to graze the front of newspapers on a weekly basis. But the truth is, even though the Targets, Home Depots, Michaels and Wendy’s are all-encompassing as far as the media goes, they’re actually not the majority of the card compromises that take place - not by a long shot.

Stats on Small Biz Breaches

Of all of the compromises that Rippleshot detected in 2015, 74% of the businesses affected had five or less total locations. Seventeen percent had only one location. So, the overwhelming majority of card compromises occur not at the big box retailers and restaurant chains that we’re constantly reading about in the news, but rather, at the nation’s wealth of small businesses. And the vast majority of them are largely going undetected.

Why Aren’t These Being Caught?

Simply, there aren’t enough resources to be dedicated to investigating tens of thousands of small business data breaches. VISA’s own breach response guide says they typically look for the same incident to be reported by at least four financial institutions with at least 999 affected accounts before they confirm that a breach has taken place.

Death by a Thousand Paper Cuts

For financial institutions in smaller communities, with a more modestly sized cardholder base, the math on many of these small businesses compromises doesn’t quite ever add up to card network intervention. Even though it is where many of the losses are coming from. We’ve heard reports from banks and credit unions that the card networks don’t even start to look at a potential compromise until they amass 60,000 notifications from their issuers. Which probably helps explain why these breaches are going so long undetected.

Of all the compromises Rippleshot detected in 2015, the longest was 371 days, but the average was still higher than we would’ve expected at 83 days. We know that skimming devices often have very short (12-36 hour) stints on ATMs or gas pumps, so what’s driving up the average? It’s the malware-type attacks that were responsible for Target and Home Depot, among many others, that are going months without being detected.

Why This Matters

The media outing major retailers, hotel and restaurant chains for mass card compromises certainly works out in banks and credit unions’ favor. The customers know who the bad player is, and everyone gets someone to point the blame at. But the problem is that those compromises visible in the media are such a small percentage of what’s actually affecting your customers. The average compromised card that Rippleshot sees has passed through not one, but three compromised merchants. And we’d be willing to bet that at least two of those compromises, if not all three, are happening at small businesses that you have no way of detecting - until now.

Rippleshot prides itself on Sonar’s “whales and minnows” approach - meaning we’ll catch the huge Fortune 500 compromise just as quickly as we’ll spot an incident at your local dry cleaner down the street. We’ll get you through the weeds faster, so you can spend your time doing what matters most, taking care of your customers.

Check out more information about the tool below: