When it comes to theft at your place of business, long gone are the days of having to worry only about employee shrinkage and a customer using a stolen credit card.
Nowadays, there’s the dark web to keep you awake at night. Personal information such as social security numbers, credit card information, driver’s license and loyalty accounts, for example, are doing brisk business on the dark web.
According to the consumer credit rating agency, Experian, a social security number goes for $1. While that might seem like chump change, if your store has hundreds, or even thousands of customers, that could be a big pay day for a thief using the dark web. If your customer data isn’t as secure as it should be, it wouldn’t be difficult for an anonymous entity on the dark web to steal all your customer’s information in a New York minute. And who better to know than Experian, which was hacked in 2015, exposing the data of 15 million Americans.
If dark web forces can hack Experian and, more recently, Equifax (in 2017, 143 million Americans’ data was hacked), they probably can hack your business data. And even if you don’t collect your customers’ social security numbers, other personal information is even more valuable.
Experian, on its website lists the going rate for personal information:
- Login information for payment services such as Paypal: $20-$200
- Credit cards: up to $110
- Loyalty/Rewards account info: $20
If you’re not sure if your data is secure, it’s time to learn about the nefarious forces of the dark web….
What is the Dark Web?
There are essentially 3 major entities of the Internet. First, there’s the open web. Also called the “surface web”, the open web is the part of the Internet that’s visible to the public. For example, any search you perform on Google is part of the open or surface web.
The second entity of online activity is the deep web. While “deep web” may sound as illicit as “dark web”, it’s usually innocuous. Here’s an example: an employee of a hospital logging in to the hospital’s portal to access the medical history of a patient. In short, the deep web is accessed only with authorization.
The third part of Internet activity is the dark web. Not everyone who uses the dark web is a personal information thief. Nor is the dark web merely for the sale of weapons, drugs and other illicit activity. However, illegal activity is a major component of the dark web.
That’s not to say that the dark web is itself inherently evil. The technology of the dark web uses encryption, which offers anonymity.
Perhaps at this point you’re wondering why anybody who is totally law-abiding would require to surf the web anonymously? The answer: protecting your data from being sold to the highest bidder.
Here’s an example: let’s say you want to donate money to a political candidate online. If you do just that, it’s possible your data could be sold to a political action committee or other group affiliated with party politics. Consequently, you will start seeing lots of ads in your social media feeds and YouTube. If that’s something a political donor wants to avoid, he or she may use an “onion” (see below)….
Another example of the dark web not necessarily being used for illegal activity is a good-intentioned whistle-blower or journalist revealing corruption at a company (or within government).
The Onion Router (TOR)
People who use the dark web use a special software called TOR, which stands for The Onion Router. Another software that provides encryption is called I2P, or the Invisible Internet Project. To completely understand how this software works requires a degree in computer science. However, suffice to say that the software allows users to access websites without their IP address getting traced.
Nonetheless, if you’re a business owner, it’s most likely a question of when, not if, your customer data will be compromised.
Dark Web Targets
If your business takes orders online, there’s even more frightening news about the dark web to keep you up at night….
According to a global real-time cyber threat intelligence provider, data breaches are occurring more often during e-commerce transactions. The reason why is that more in-store point of sale (POS) systems are using EMV technology. Otherwise known as chip-card readers, EMV technology makes it more difficult for hackers to steal credit card data and other personal identity information. (All the more reason to switch to EMV technology if your store hasn’t done so already.)
Thus, cyberthieves are turning more to e-commerce databases. But it’s no longer only large institutions that are vulnerable to cyber theft. Although hacking, say, an institutional bank, can be lucrative for a cyber criminal, the larger the breach, the more alarms will be set off, so to speak. In other words, there’s more of a risk of getting caught. Therefore, unscrupulous dark web actors are targeting softer targets, i.e. small businesses.
How can you prevent dark web theft? The first thing is to make sure your POS data is stored securely. Contact us today to find out how you can protect your customers’ data.