Within the midst of the more than 70 million consumers that wereimpacted by the massive hacking of credit and debit card accountnumbers and theft of personal data through retailer Target Corp.were small businesses – that likely have much more to lose.

While hard figures are not readily available on the number ofactual companies that were affected by the breach, according toChargebacks911, a Tampa Bay, Fla.-based dispute mitigation company,online retailers are drawing a $279 loss for every $100 of fraud loss, partially attributed to chargebacks and their associated costs.

“This series of breaches will likely hit businesses harder thanconsumers, especially when it comes to debit card fraud,” said JaniGode, vice president and division manager of the risk managementand payments group at SightSpan Inc., a Mooresville, N.C.-basedglobal management consulting group and financial crimes solutionprovider.

She added, “Small businesses may find funds frozen for sometime, resulting in an inability to pay vendors, employees and meetother operating needs. Imagine a small business that needs to makepayroll with its funds frozen for a two-week investigation – thatcould be devastating.”

Businesses could also be impacted more harshly because it may beeasier to hide fraudulent transactions on a business account versusa consumer account, Gode said. Businesses also typically have manymore transactions and each transaction amount could be much higher,she noted.

Meanwhile, credit unions continue to keep a keen eye on thefallout from the Target breach with some responding quickly to the crime byreplacing members' cards. As for business members, the breach'simpact may depend on the type of account they have – for instance,whether it's a corporate client or small business, said JeannieSugaoka senior vice president of support services at the $1.7billion TechnologyCredit Union in San Jose, Calif.

“In general, though, the impact on a small businesses memberaccount is the same as the impact for consumers. Many of our smallbusiness accounts at Tech CU are treated like consumer accounts,”Sugaoka said.

Under Visa's zero liability policy, the credit union's smallbusiness members will not be held accountable for anysignature-based transactions they did not initiate on their debitcard, Sugaoka explained. However, unauthorized PIN-based debit cardtransactions for business accounts would typically not be coveredby the zero liability policy but would be subject to the liabilitylimits policy of their specific financial institution.

Most, but not all, financial institutions go beyond whatregulations require and limit debit card liability to $50 forunauthorized use of a credit card before notification to the cardissuer, Sugaoka added.

Following the Target breach, Sugaoka said, Tech CU investigatedits card data and notified affected members to determine ifreplacement cards were needed. The credit union also encouragedboth individual and business members to check their accounts viaonline or mobile banking and to let the cooperative know about anysuspicious activity. A few clues that a business' system may havebeen hacked include changes in a computer's performance, loss ofspeed, unexpected re-booting and pop-up messages, Sugaokaoffered.

Besides financial losses that can stem from a breach, businessesmay also face consumer and class action lawsuits, said MikeAngelinovich, CEO of OHVA Inc., a security service provider in SanJose, Calif. Likewise, Reputation is also at stake, heemphasized.

“Businesses have so many accounts, it's more difficult tomonitor and once they determine a fraudulent hit, it becomes muchmore costly to notify customers, cover costs to address customercredit bureau activity and then put in place additional securityenhancements,” Angelinovich said.

If such a large chain like Target can be easily hit,Angelinovich pointed out, smaller stores and businesses accountsusing debit and credit card transactions with, more likely, lesssecurity in place, are even more vulnerable.

“Looking back on the history of online banking attacks, it wasthe large banks that were hit initially and then as they increasedtheir security, the hackers started focusing on smaller banks andcredit unions. I would think that the trend will be similar forsmall businesses,” Angelinovich said.

Some of the protection solutions used for businesses are thesame for consumers such as detection monitoring, anti-virussoftware and strong multi-factor authentication solutions,Angelinovich said. Still, many additional protection solutions arerequired for businesses such as VPN system access controls alongwith hardware system solutions to protect internal storage systems,for instance.

Since commercial bank accounts do not have the insurancecoverage that consumer bank accounts have, Angelinovich urged theuse of a strong multi-factor authentication solution withadditional security layers in place as required by the FederalFinancial Institutions Examination Council.

“MFA solutions using an IP address or a cookie are not secureenough against today's online exploits,” Angelinovich said. “Iwould also suggest a second authentication prior to any onlineaccount money transfers, followed by an old-fashion phone call tothe credit union. For commercial accounts, I would stay clear fromusing mobile banking, as security is still weak.”

At Tech CU, business and individual members have access toseveral tools to help spot suspicious transactions, Sugaoka said.The credit union offers free eNotifications for small businesses and individuals on accountactivity. Tech CU's larger corporate clients use a different onlinebanking system.

Through mobile banking, members can also monitor accountactivity, check balances and view account history and spendingpattern graphs, which can help members report anything that is outof the ordinary as quickly as possible. Tech CU also provides afraud and security resource page on its website that includes thelatest member updates and fraud prevention news.

Gode said the Target breach could reverberate for some time tocome.

“I believe the bigger fallout will be Congress investigating andprompting stronger controls at retailers and a push to EMVimplementation, the SightSpan executive said. “By all accounts,Target was (Payment Card Industry Data Security Standard)certified, but that did not seem to protect them.  It willbe interesting to see what other merchants were impacted.”