British businesses were hit by card fraud once every 20 seconds in March, with payments expert Worldpay warning that small businesses are likely to have been hackers’ biggest targets.

Worldpay, the UK’s leading Payments Company, saw over 133,000 fraudulent transactions worth £10 million reported in March alone, leaving businesses out of pocket as fraudsters purchased goods and services using stolen card details. Over 67% of all fraudulent transactions happened online, while purchases made over the phone or by mail accounted for 19% of the total.

Tim Lansdale, Head of Payment Security at Worldpay, said: “Technology to guard against card counterfeiting and fraud has come a long way, yet the rates of attack are truly alarming. Card details are the weakest links in consumers’ and businesses’ defences and the one area that fraudsters know to hone in on.

Businesses that fail to protect their payment systems are not only left out of pocket when goods are purchased using stolen card details but also face paying for the investigation into the breach and the stiff industry penalties which inevitably follows. They are also likely to face bad publicity, which can swiftly erode the years of trust customers have built up in a business and can lead to even more lost custom in future.”

Small businesses, which accounted for 85.7% of all card data breaches, last year, make easy prey for the more advanced cyber hackers. By contrast, Worldpay has seen a 179% increase in payment security compliance amongst the UK’s biggest businesses, as the boardrooms of larger, better resourced companies look to bulk up their security in line with the card payment industry standards.

Regardless of business size, the clean-up costs of being targeted by hackers and suffering a card data breach can run to tens of thousands of pounds. A standard small business forensic investigation into a card data breach costs £11,250 on average and typically attracts at least a £8,000 industry penalty, not including the costs of lost goods and damage to reputation. Worldpay has seen larger businesses pay up to £100,000 for the forensic investigation alone.

“Prevention is clearly better than the cure when it comes to getting hacked. The UK’s largest companies have made great strides to improve their payment security but small businesses are still falling behind and being targeted as a result. Businesses of all shapes and sizes should be taking the necessary measures to protect themselves and their customers and employees,” said Lansdale.

Advice to businesses: How to avoid being a victim:

Card data breaches:

  1. Check you meet the card industry’s standards for keeping card data safe, and that your third party suppliers do too.
  2. Install all the latest patches for servers, operating systems, applications, and frameworks (Java, .NET etc.), to protect your ecommerce website.
  3. Change online system log-ins from the default, and use strong passwords that hackers cannot guess.


  1. Ask your payment processor about online protection, such as Verified by Visa, to make ecommerce payments safer from fraud.
  2. Be wary of high value or unusual orders from a customer you do not know, particularly if the product can be resold easily.
  3. Use the Address Verification Service, to match the customer’s delivery address with the billing address of the card owner.
Related Articles