Credit Worthy
Nov/Dec 2009
MasterCard makes more businesses pay as cyber phishers look to smaller ponds
If you're a small business owner, MasterCard is watching you a little more closely.
Alarmed at the consistently high incidence of credit card fraud and identity theft, the credit card giant is enforcing stricter regulations on merchants to comply with security standards. This means card issuers are keeping a closer eye on how merchants store customer credit card information, and it means a new expense for thousands of businesses.
Thomas Lewis, Partner with LBMC in Nashville, does on-site security evaluations for Fortune 500 companies. Traditionally, Lewis says, only the 200-300 largest merchants were required to have on-site security evaluations; smaller companies could self-report their security status. Now, the next highest tier is forced to pay for evaluations, and that means extra costs for thousands of companies. The smallest businesses can still self-report, but Lewis warns, "while the massive companies have the largest individual account breaches, the research shows smaller merchants make up nearly 80% of the actual events."
Small businesses may still be able to self-report security risks as usual, but Lewis is concerned that credit card companies will be keeping a closer eye on how safe card information remains. Fees owed MasterCard for non-compliance can be anywhere from $5,000 to $30,000 per month, with further failure leading to a full revocation of card service, Lewis warns. Long term, this can have an effect on company insurance, as a demonstrated failure in security standards makes a business seem more of a risk.
Stricter security standards among the large merchants may also spell greater risk for small businesses. Chris Phillips, an attorney with Waller Lansden, says that many small businesses fail to realize how attractive a small business really is to identity thieves. "As larger merchants become more compliant, criminals go after softer targets," Phillips warns.
To avoid being a soft target, take a close look at the software used to keep credit card records. Phillips says that often a small business owner's operating system will record unnecessary information like card numbers, expiration dates or PIN numbers. Self-assessment programs, network security tests that remotely probe your network, and even insurance policies taken out against theft offer varied effectiveness and added costs, Phillips says. Outsourcing much of the processing to a compliant company can help place information that a merchant does not need in a safe place.
A little research on the part of the business owner can be useful as well. The breaches that have occurred at some of the larger companies like TJ Maxx provide informative case studies, Lewis says. Since most of the pressure starts at the top, paying attention to trends in security and theft at that level will give small companies a crucial heads-up. Some companies offer services that can decrease a business's risk profile, and even the Better Business Bureau has partnered with seven major corporations to create an easy guide for small businesses called Security & Privacy -- Made Simpler.
When it comes to online and data security, an ounce of prevention can translate into much more than a pound of cure. After all, staying ahead of the game with card security is not just good for the customer's peace of mind; it can be the difference between a credible business and a glaring security liability.