"The key impact of this will be a drop in the amount of fraud in the real world," says Damri. "On the other hand, it will push fraudsters to the online world where you don't have to show the pin and where you don't have to swipe the card."
Fail to Plan and You Plan to Fail
In such a complex threat environment, all companies need an Incident Response Plan, Ponemon says. "If you're a small company ... in Tornado Alley, you probably have a plan if your plant is hit by a tornado. It doesn't happen very often, but you're prepared for it."
In the same way, your company should have a plan in place in case fraud happens. This plan should include your immediate response, including which employees will do what, as well as regulatory information about what you need to disclose when. (Your state's attorney general has this information.) "You should run fire drills to make sure you're ready," Ponemon adds.
This might not seem like much. It might even seem silly. But the cost of a poor response to a data breach could be huge. Already, the average data breach costs a company $3.5 million, according to an IBM study that was conducted with the Ponemon Institute. Not having a plan raises those costs 10 to 15 percent, Ponemon says.
You can also hire a consultancy such as Neohapsis to help draft an Incident Response Plan and to conduct penetration testing to see how secure you really are. If you're an online merchant, meanwhile, companies such as Forter will take the liability issue away from you, deciding which transactions are legitimate and which are fraudulent and assuming the cost of the fraud if they're wrong.