Since we often relate to the security of a business through the eyes of our personal data security – it may come of a surprise that a SMB is exposed to data security threats where a personal card holder is protected.
As a consumer, having your online banking account credentials stolen — either via phishing or through password-stealing malware — can be a nasty experience, but it is  not a costly one. The federal Electronic Funds Transfer Act (“Regulation E”), limits consumer liability for unauthorized transactions to $50, provided notice is given within 10 business days, or to $500 provided notice is given within 60 business days. Even so, retail banks often will work to make whole those customers who are victims of online fraud.
On the other hand, SMB that bank online do not have consumer protection. The obligations of a commercial bank and their business customers are spelled out in the agreement that both parties sign;  generally business customers agree to notify their bank of any suspicious or unauthorized transactions on the same day that the transaction in question occurs. There is no guarantee that the bank will be able to block or reverse any fraudulent transfers, and since most SMB don’t perform real time transaction or data loss monitoring – the chances of complying with the agreement are slim.