Walt was shocked as he reviewed the email. Where were they all coming from? As he scanned over the day’s transactions on his website’s shopping cart he saw hundreds and hundreds of declined transactions. This was highly unusual. His transaction volume had gone through the roof and he had no idea why. It would be 24 hours before he found out that his merchant account had been blown up as result of the day’s activity. What happened next is very instructive.
It turns out that a band of cyber-criminals located in Eastern Europe began using Walt’s site in their credit card fraud scheme. According to law enforcement officials, the crooks used a computer program to generate a list of syntactically correct credit card addresses. Each of these credit card numbers was submitted through Walt’s shopping cart, although most of the transactions were declined, some went through. The working credit card numbers would then be sold on the black market.
Walt received notification from his bank that his merchant account had been closed due to a high volume of fraudulent activity. It didn’t matter to the bank that Walt was a victim in this situation – they were primarily concerned with protecting their own interests.
The loss of this merchant account meant that he couldn’t accept credit cards as payment. Ordinarily, this would have shut down his business and meant big losses until he was able to open a new one. However, Walt was prepared for this kind of situation.
Although Walt never imagined that his E-commerce website would be targeted for use by criminals, he was none-the-less prepared for what happened. You see, Walt had an emergency response plan in place. Though he hadn’t foreseen this exact situation, he had identified a variety of potentially disruptive scenarios. Some were scenarios like fire, theft, natural disaster, or local evacuation. Other disruptive scenarios had to do with key vendors and employees.
Emergency preparedness is more about being ready to respond to a wide variety of situations than it is about anticipating every possible event. For example, when the NYC Twin Towers collapsed on September 11, 2001, Mayor Rudolph Giuliani and his staff were preparing for an emergency response training exercise elsewhere in the city. Although they hadn’t anticipated the disaster that did strike, they had anticipated and prepared for enough other disastrous scenarios that they were able to respond quickly and efficiently to the situation that they did face.
Identify Single Points of Failure
After Walt identified a list of disruptive scenarios, he worked to protect his business from single points of failure. To the extent that it was reasonable and practical, he worked to ensure that he had redundancy in place for critical business areas. For computer files, this meant that not only were they backed up, but the backups were available off-site. For credit card processing, he had two separate merchant accounts through two banks.
As a result, of this redundancy in his business, when the unexpected occurred, he was prepared. After Walt’s E-commerce security settings were adjusted to prevent criminals from using his site to further their schemes, the second merchant account was connected to the site and he was back in business. A disaster that could have crippled his business had been overcome almost as fast as it had popped up. What can you do to prepare for disruptive events in your business?