by John Rampton
December 05, 2017
If you’re a business owner who accepts online payments, then making sure that they’re protected needs to be a top priority. This makes your customers or clients feel safe when they pay you for your goods or services. Protecting online payments will also save your business a lot of time, frustration, and money.
In fact, according to Cybersecurity Ventures, global annual cybercrime costs are expected to grow to “$6 trillion annually by 2021. This includes damage and destruction of data, stolen money, lost productivity, and theft of intellectual property.
It will include theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business. There will be forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.”
For small business owners specifically, the Association of Certified Fraud Examiners found that approximately half have fallen victim to fraud at some point during their business lifecycle, at an average cost of $114,000 per occurrence!
To be completely honest, you probably won’t be able to completely prevent a cyber attack or security breach. But you can take the following steps to minimize these threats and protect online payments.
Before we go much further in discussing how you can minimize your risk and protect your e-commerce store from fraud, you should first become familiar with the common tactics that cybercriminals use.
While there are various types of online fraud, they can usually be placed in the following two categories:
1. Account takeover: Most e-commerce stores provide customers with accounts that store personal information, financial data, and purchase history. This is where perpetrators use a phishing scheme in order to hack into a business’s account. They then obtain their customers' personal information, financial data and purchase history.
One of the most common tactics is when fraudsters send emails to trick customers into revealing their username and password. They’ll then log into your customers’ accounts, change the password and make unauthorized purchases.
2. Identity theft: Even when a business takes the precautions to secure customer data, fraudsters can still hack into their databases. They then steal usernames, passwords, credit card numbers, and other personal information.
It’s not uncommon for hackers to sell credit card numbers to other scammers. The scammer opens new accounts with e-commerce merchants and makes unauthorized purchases using the stolen numbers.
E-commerce fraud can be difficult to detect since most people don’t check their credit card statements thoroughly or frequently. As a result, victims don’t realize that someone else has opened a new account in their name to make unauthorized purchases.
But don’t just keep this knowledge to yourself. Research indicates employees create the most security vulnerabilities. In fact, 60% of employees are not knowledgeable, or have no knowledge, of the company’s security risks.
“It’s no surprise that employee-related security risk is their number one concern,” says Michael Bruemmer. He is vice president of Experian Data Breach Resolution. “In our incident response service for clients, about 80% of all the breaches we service have a root cause in some type of employee negligence.”
Due co-founder and CTO Chalmers Brown states that the solution is to “Train and educate yourself and your employees on cybersecurity basics. Teach how to verify transactions, how to identify obscure payment patterns. Make sure employees avoid unsolicited emails and report any suspicious activity immediately.”
“To prevent rogue employees from doing any damage to your business, closely monitor, control, and manage all privileged credentials to prevent exploitation,” adds Brown. “Also, implement protocols and infrastructure in order to track, log, and record account activity so that you can respond immediately.
If an employee leaves your organization, make sure that you terminate their accounts so that they can no longer access any of your business networks.”
Now that you have a better understanding of the threats that you’re up against, make your online shopping experience safe. You can achieve this by creating a secure online payment system.
PCI Compliance. This refers to the PCI DSS or Payment Card Industry Data Security Standard. This is a universal set of security standards created by Visa, MasterCard, American Express, Discover, and JCB. These standards are strictly enforced. Visit the PCI Security Standards website to know the full requirements. Being PCI compliant means using multi-factor authentication and running quarterly checks.
SSL (Secure Sockets Layer). SSL creates an encrypted link between your website and your shoppers’ internet browsers. This reduces the risk of sensitive data being intercepted. Once you have SSL in place, a padlock icon is displayed next to your site’s URL in the browser address bar.
CVV verification. The CVV or CVV2 code is the three- or four-digit code that’s located on the payment card. Requiring shoppers to enter the CVV code when they make a payment provides greater security. This proves they are an authorized card user. Generally, online fraudsters with stolen card numbers do not have the CVV code, so they won’t be able to proceed with the transaction.
AVS (Address verification system). This is similar to asking for the CVV code. In this case, you require their billing address. The address is verified with the current billing address on file. The transaction is denied if it’s not a match.
Be offensive in your approach to combatting online fraud by enacting these tactics.
Monitor transactions and reconcile bank accounts daily. Look for red flags like larger than normal transactions. Another red flag is inconsistent billing and shipping information.
Be aware of high fraud risk regions by checking physical location and IP address. Another red flag is free or anonymous email addresses like Gmail or Yahoo. For more information, check out the FBI’s Common Fraud Schemes.
Set limits. Set limits for the number of purchases and total dollar value that you accept from one account in a single day.
Require tougher passwords. Hackers use sophisticated programs that can run through all the permutations of a password. They’ll quickly figure out a standard four-character password. To make this a bit more challenging, require eight-character, alphanumeric passwords with at least one capital letter and one special character.
Keep platforms and software up to date. Make sure you’re running the latest version of your operating system. Install and regularly update business-grade anti-malware and anti-spyware software to prevent the latest viruses and malware.
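The monitoring and limit rules above can be automated as a daily screening pass over your orders. The sketch below is an added example, not code from the original article; the thresholds, field names, and sample orders are assumptions constructed for illustration, and a flag means "review manually," not "deny."

```python
from collections import defaultdict, namedtuple
from decimal import Decimal

# Assumed thresholds; tune them against your own order history.
MAX_ORDERS_PER_DAY = 3
MAX_TOTAL_PER_DAY = Decimal("500")
LARGE_ORDER = Decimal("300")
FREE_EMAIL_DOMAINS = {"gmail.com", "yahoo.com"}

Order = namedtuple("Order", "id account time amount billing shipping email")

def _norm(addr):
    # Ignore case and spacing so formatting differences are not flagged.
    return " ".join(addr.lower().split())

def screen_orders(orders):
    """Return {order_id: [reasons]} for orders that need manual review."""
    count, total, flagged = defaultdict(int), defaultdict(Decimal), {}
    for o in sorted(orders, key=lambda o: o.time):
        key = (o.account, o.time[:10])  # one bucket per account per day
        count[key] += 1
        total[key] += o.amount
        reasons = []
        if count[key] > MAX_ORDERS_PER_DAY:
            reasons.append("daily order count limit exceeded")
        if total[key] > MAX_TOTAL_PER_DAY:
            reasons.append("daily dollar limit exceeded")
        if o.amount >= LARGE_ORDER:
            reasons.append("larger than normal transaction")
        if _norm(o.billing) != _norm(o.shipping):
            reasons.append("billing/shipping mismatch")
        if o.email.rsplit("@", 1)[-1].lower() in FREE_EMAIL_DOMAINS:
            reasons.append("free email address")
        if reasons:
            flagged[o.id] = reasons
    return flagged

# Constructed sample orders (ISO 8601 timestamps), not real data.
SAMPLE = [
    Order("A1", "cust-17", "2017-12-05T09:00:00", Decimal("40"), "12 Oak St, Springfield", "12 oak st,  springfield", "pat@example.com"),
    Order("A2", "cust-17", "2017-12-05T09:05:00", Decimal("45"), "12 Oak St, Springfield", "12 Oak St, Springfield", "pat@example.com"),
    Order("A3", "cust-17", "2017-12-05T09:07:00", Decimal("50"), "12 Oak St, Springfield", "12 Oak St, Springfield", "pat@example.com"),
    Order("A4", "cust-17", "2017-12-05T09:09:00", Decimal("60"), "12 Oak St, Springfield", "12 Oak St, Springfield", "pat@example.com"),
    Order("B1", "cust-42", "2017-12-05T10:00:00", Decimal("450"), "5 Elm Rd, Dayton", "99 Pier Ave, Miami", "sam@gmail.com"),
    Order("B2", "cust-42", "2017-12-05T11:00:00", Decimal("80"), "5 Elm Rd, Dayton", "5 Elm Rd, Dayton", "sam@example.com"),
]

if __name__ == "__main__":
    for oid, why in screen_orders(SAMPLE).items():
        print(oid, why)
```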
Also, consider these security measures to add more layers for protecting online payments:
While the advice listed above should protect your online payments, it’s important to remember that security is an ongoing process. It requires you to stay on top of security threats and trends in payment fraud.