Data breaches compromise seven million UK credit and debit cards since 2011, says Worldpay

Three million cards put at risk in 2013 alone

Data breaches have compromised nearly seven million UK credit and debit cards over the last three years, with breached businesses each paying out almost a million in forensic and remediation costs, payments processor Worldpay has calculated.

Data breach costs fly around the ether every day of the week but the ones from Worldpay are worth paying more attention to - the firm sees 44 percent of all plastic transactions that happen in the UK.

According to Wordpay, the three-year average per breached firm is now £878,000 ($1,475 million), which it calculated by summing a combination of forensic costs and fines generated by incidents it was aware of through industry reporting systems.

Fines would include everything from those levied by the Information Commissioner's Office (ICO) but also by global card networks such as Visa and Mastercard, Worldpay said.

This is not a total data breach cost; that would have to take into account loss of reputation, the cost of extra IT staff and any upgrades that were needed to overhaul security after an incident.

The bottom line was that 3 million cards had been put at risk by breaches in 2013 alone, a hefty 1,518 percent rise since 2012 when the number was a now trifling-looking 200,000. Since 2011, the total number of cards put at risk was "at least" 6.57 million, excluding incidents either not known about or not disclosed.

Worldpay said it was particularly concerned about small businesses, which accounted for 61 percent of breached firms.

"While most large companies are strengthening their safety measures, there's been only a marginal improvement amongst small businesses," commented Worldpay managing director, Dave Hobday.

"Fraudsters go after low-hanging fruit. Small businesses are easy prey, so it's a real worry so many small businesses still don't see the value in compliance. If we want to see genuine change, it's important we support small business owners."

The firm's figures showed that small UK online companies would face costs of £6,400-£12,000 for an incident, a potentially significant bill.

"A data breach can be financially crippling - just the investigation alone can cost thousands of pounds, not to mention fines and loss of reputation," said Hobday.

The number of breached cards is shocking, as the possibility that this can run up big bills for the firms involved. Less commented on, of course, is the effect of this on the customers behind these cards, many of whom will also have lost sensitive personal data such as names, addresses, and dates of birth that cannot easily be reset or recovered. A stolen credit card can be cancelled, a stolen identity can't.

Under a previous guise, RBS WorldPay (as it was then) was the victim of an infamous November 2008 attack that targeted its US network of 2,100 ATM machines during which £6 million in cash was stolen. In 2010, the Russian authorities arrested members of the gang accused of carrng out the raid.

Later that year, WorldPay was sold to Bain Capital and Advent International, dropping the RBS part of the name and making it a private company.

Join the CSO newsletter!

Error: Please check your email address.

Tags e-commercevisasecurityinternet

More about ICOMastercardVisaWorldpay

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place