Credit card chip readers may have led to fraud reduction for brick-and-mortar businesses, but hackers have found a new way to cause trouble. Thieves no longer able to hack in-person transactions have turned to online fraud using e-commerce and other card-not-present transactions.
“With the advent of the CHIP and PIN across the EU, physical imprints of stolen card information became useless for European criminals and hackers over the past few years," says breach prevention expert Gary Miliefsky, CEO of SnoopWall, Inc. "Now, with CHIP enabled cards becoming a requirement across the U.S., we see the same results.
"Cybercrime has shifted to the weak underbelly of network security, e-commerce, mobile commerce and online transactions," he continues. "This is creating a growing wave in online cybercrime across America."
[pullquote showtweet="false" username="Debbie Cates" alignment="center"]Maintain the delicate balance between rejecting fraudsters and approving trustworthy customers.
—Debbie Cates, CMO, Emailage[/pullquote]
Fraudsters are migrating to e-commerce, agrees Vinodh Poyyapakkam, head of risk policy and consulting at WePay, an integrated payments platform. “With this significant change in the in-store payments landscape making in-store payments secure, fraudsters are rapidly migrating to e-commerce to monetize stolen financial and identity information."
Although large breaches reach the news, those are just the tip of the iceberg, says Miliefsky. “Most cyber criminals want to attack smaller to medium-size (SME) enterprises in waves, in order to stay off the radar of EUROPOL, INTERPOL and the FBI. By refocusing their efforts on the SMEs, they've made small and medium-sized businesses the new target, which means business owners should be vigilant."
Steps to Protect Your Business From Online Fraud
While a firewall and antivirus protections are necessary, they aren't focused on today's threats, Miliefsky warns.
“It's time to get vigilant and get one step ahead of the next threat so that you won't become a victim or a statistic," he says. "It will also be much easier for you to get cyber insurance protection at a low cost if you can document that you've been taking these steps."
Employ best practices.
“Use strong encryption at all times, perform daily backups and have the server(s) tested frequently for vulnerabilities," says Miliefsky.
Secure all computer touchpoints.
“In your intranet and your office, make sure the computers are secure and that you're using some form of breach prevention—also known as Network Access Control or NAC—to avoid having the cleaning company or some guest or rogue employee accessing the PII (Personally identifiable information) to steal it and sell it," says Miliefsky.
“Ensure that you segment the data and segment the network so that only the right people can gain access to the data," he continues. "You can do this with multi-factor authentication, stronger password requirements and virtual LANs (VLANs)."
Beware of spear phishing.
“Most attacks against online shopping experiences start with a spear phishing attack targeting you or one of your C-level employees," says Miliefsky. “Unknowing employees open an email attachment and they get infected with something called a remote access Trojan (RAT) or worse yet, Ransomware. These are very dangerous to your business, so more frequent employee training and tools to stop or block spear phishing are a must-have in today's cyber business world."
Employ the latest online fraud prevention techniques.
“Use cutting-edge tools to identify out-of-pattern transactions and have them either manually reviewed by a risk agent or declined automatically in case of confirmed fraud," says Poyyapakkam. “Businesses can also look at suspicious IP addresses and devices from where the payments originate to identify and mitigate fraudulent payments. Also maintain a database of information on bad payers and confirmed fraudsters."
Consider legitimate customers.
"Maintain the delicate balance between rejecting fraudsters and approving trustworthy customers," says Debbie Cates, CMO at Emailage, a company that provides fraud solutions. “When you stop a fraudster, that's a one-time loss prevented, but every time you deny a loyal customer or send the person to manual review, you risk losing lifetime value."
To mitigate online fraud without turning away legitimate customers, Poyyapakkam advises using a trusted payment processor that employs state-of-the-art, advanced risk technologies.
Read more articles on e-commerce.