You’ve worked really hard to get your high risk ecommerce business off the ground. Today you’re processing sales transactions and finally earning some well-deserved dosh.

Now all of a sudden it turns out that your payment processor isn’t living up to their end of the bargain. They advertised an ability to provide “secure online payment processing.” You read a bit about that, listened to the salesman, bought into their promises, and signed up.

It was hard to understand exactly what services you’d receive, and how much it would actually cost for each transaction. Yet you bit the bullet anyway and started processing online payments.

All seemed to go smoothly for a few weeks… But now you’ve had several customers complain about fraudulent activity on their payment cards after shopping on your site.

Their card issuing banks are tracing the problem to your “unsecure payment processing.” They think your ecommerce site was compromised. Was it a data breach? Didn’t your website developer incorporate strong data breach security methods and tools?

You’ve reached out repeatedly to your payment processor for help, by phone — fax — and email. But they seem to have disappeared because no return calls — or faxes — or emails have come your way.  

No doubt you’re hopping mad. In addition to a data breach, you’ve experienced a breach of trust, which occurs with an infraction or violation of a law, obligation, tie, or standard (per

Let’s hope the next time around you’ll find a processor who believes — as we do at MerchACT — that business partners stick around for the long haul. They focus on your needs and help you succeed.

Here’s a quick look at tenets of data breach security, and a few basic security tips merchants should employ. So you can securely deliver products and services, earn more dosh, and thrive.

Data Breaches Don’t Hit Only Giant Retailers and Restaurants

You may have heard of the major known breaches reported this year: Arby’s, Chipotle, a point-of-sale system from DRB Systems LLC used at car washes nationwide, and the discount store chain Kmart.

But fraudsters don’t limit their activities to only large restaurants and retail establishments. They’re happy to rob you blind too, while compromising your customers’ personal and credit card data when data breach security measures are insufficient.

The rate of data breaches being tracked by the Identity Theft Resource Center (ITRC) in the first five months of 2017 increased 35.3% over the same period in 2016. As of May 30th, businesses and other entities reported six hundred ninety-eight (698) breaches.

Businesses, financial institutions, government entities, health-care providers, and schools all collect and store data records with personal information (such as credit and debit card accounts, Social Security numbers, and medical records). All of which should be protected.

The total number of records exposed isn’t known, but the nearly 700 breaches so far in 2017 may have compromised upwards of 10.2 million records — with 80 of the data breaches compromising payment card records. (This according to Karen A. Barney, the ITRC’s director of research and publications.)

(On a side note, check this out… an amazing visualization of a data breach. Fair warning, you might want to play around for a while.)

What Can Be Done to Protect Your Business?

Along with enabling the best payment processing and data breach security, experts recommend proactive steps to stymie the bad guys:

  • Put an incident response team in place. Make sure your Disaster Plan (surely you have one?) includes the steps you plan to take, and what professional assistance to request. Fast action can lessen the damage to your business.
  • Always protect the cardholder data you collect with encryption, following industry expert recommendations. This basic data breach security measure protects customers and your business.
  • Use multi-levels of passwords to access any databases storing customer information. Frequently change these passwords.
  • Run malware detection software on both servers (hosted or not) and workstations. Ensure your firewalls are up and secure.
  • Train employees in data security best practices. This helps to prevent inadvertent sharing of information. Run regular periodic background checks on employees who handle customer data.
  • Learn from your fellow ecommerce merchants. Share threats you identify among retail merchant brethren. Because forewarned is forearmed.
  • Appoint a chief information security officer. If you can’t do it yourself, put a technically minded staff member on point.
  • Ask your attorney to ensure your terms and conditions hold you harmless in the event of a data breach. (Note that this won’t stop anyone from suing you, nor prevent reputation damage.)

Data breach security measures rely on both secure website and payment technologies, and good business practices. Be smart about protecting your business — and choose your business partners wisely.


We here at MerchACT believe that the ecommerce merchants for whom we process payments are among our business partners. We care about their success, and act as both their payments processors and payments advisors to help them prosper.

And we know — from over a decade of experience working with ecommerce merchants around the world — that it’s also good for merchants to have a trusted processing partner to help them grow.

Keep your payments operation protected from fraudsters who want what you have earned. Data breach security is an important aspect of the protections you need to have in place to ensure your business operates successfully (and you’re not the next negative headline).

We love it when you visit our site to peruse the latest blog post. And we’d love to do business together when you need secure payments processing supplemented by data breach security measures. We really will help keep your ecommerce business protected from the bad guys.