Amanda Laidler freely admits she is one of the many small business owners who did not regard financial data security as a top priority.
But all that changed the day that her credit card processors refused to cover the cost of £2,000 worth of goods, sold online to a customer who had stolen someone else's financial identity and credit card details.
It was money the co-founder of Welcomebabyhome, a Sunderland babywear boutique, could not afford to lose.
"We felt sick. Everything had gone out before we became suspicious. We had asked for checks to be carried out by our card processors which had not been done," she says.
"We were upset because somebody's card was being used in this way, and because of the harm to our business."
As a result, the way the store handles its billing - and indeed all its customer data - has been turned upside down. Background checks are run on staff and she phones back customers making larger transactions to check they are who they say they are.
It has been such a turnaround that the firm is proud to have just won a national award for its efforts fighting identity fraud.
Bought in bulk
Criminals who steal other peoples financial identities to obtain goods and services or open fraudulent bank accounts gain more than £1,000 from each single identity stolen.
That is one of the latest statistics from a study just completed by the National Fraud Authority and the National Fraud Intelligence Bureau.
The report puts the annual cost of identity fraud at over £2.7bn. More than 1.8 million people are affected by identity fraud every year. The number of cases coming to light has risen by almost 10% in the first nine months of this year.
Fraudsters may use identities they have personally purloined, or they might buy them in bulk from covert operators on the internet.
The proceeds are then used to obtain goods, services and benefits in the victims name. Fraudulent bank accounts are opened, and the perpetrators commit all kinds of crimes from evading police detection to enabling people trafficking and terrorism.
Few of us can say we are never careless about disclosing details of our identities to strangers.
Not all of us choose to display personal information online on Facebook or other social networking sites.
But on the simplest level, many of us worry about exactly what happens to our credit card when a waiter walks off with it in a restaurant. Should we protest when we set up a tab in a bar and see the card casually thrown into a transparent glass on the back of the bar?
So while we may have ourselves to blame, could it be that too many merchants are still being cavalier with our data?
Stephen Alambritis of the Federation of Small Businesses says that is not the case.
"We do not think small businesses are naive or slapdash with people's data," he says.
"This is just the latest of many kinds of criminal activity that can affect them. Of course, they will deal with it when it affects them, but we do urge businesses to take this seriously.
"We estimate the cost of a single hit can be around £3,000. That is to retrieve and reverse the situation and to tighten systems to try and ensure it does not happen again."
Dr Bernard Herdan is chief executive of the National Fraud Authority a government agency charged with leading the drive against rising levels of fraud in the public and private sectors.
His office displays a photograph of a room used by a criminal gang to forge passports and other financial and identity documents.
What is particularly worrying is that much of the computer equipment used there, almost everything you need to try and pass yourself off as someone else, can be obtained from household-name computer stores - even the necessary high-quality printers.
"People are aware this is a problem, but are still not thinking enough about what they do when they go on the internet," Dr Herdan says.
"For example, they still respond to requests for bank details. People should check their credit status regularly with one of the agencies.
"Others may even see something abnormal on their bank statement - but still do not flag it up."
Not all identity thieves prefer to go phishing for your details online. Others are perfectly happy to fish through rubbish bins outside firms and offices for carelessly discarded invoices, receipts, bills, bank and credit card statements. These remain a rich source of personal data.
Repairing the damage to your identity and financial reputation is stressful and time-consuming.
An individual's ability to borrow could be destroyed for months on end.
The good news, if there is any, is that there are now clearer processes and set procedures to work through if you find someone has purloined your details.
But the National Fraud Authority warns in trickier cases it may still take 200 hours to sort out a single case. That is the same amount of time, on average, as most people spend on annual leave.
That alone is a great argument for guarding your identity more carefully in future.