As we close in on the holidays, many people are scrambling to complete their holiday shopping. With the convenience and ease of online shopping, many shoppers plan to do the bulk of their holiday shopping online.
While total holiday sales are expected to increase 3.6 percent from last year, online sales are anticipated to rise between seven and 10 percent, according to the National Retail Federation (NRF). A survey from Internet Retailer found 73 percent of respondents will complete their holiday shopping online, with 22 percent reporting they won’t shop in stores at all.
Despite all the advantages of online shopping, there’s one major drawback— the rise of online fraud. From Black Friday to Cyber Monday, the biggest shopping period of the year, fraud in card-not-present transactions increased 20 percent, compared to the same period in 2015. Fraud climbed 34 percent from the holiday shopping weekend in 2014 to 2016.
Though fraud usually rises during times of higher traffic, the move from magnetic stripe cards to EMV chip-enabled cards could be why fraudulent transactions have climbed from previous years. EMV technology aims to make credit card transactions more secure. EMV cards are difficult, if not impossible, to duplicate, which is why they’re better than magnetic stripe cards. What many consumers don’t realize, though, is that the increased level of security only pertains to in-store transactions, where the card is in your possession.
As we continue to convert to EMV cards, fraudsters are rushing to cash in on those stripe and swipe cards before they’re fulling taken over by EMV. And, criminals are turning to the web to cash out. E-tailers and consumers alike need to understand the potential threats and do their part to mitigate their risks of falling victim to fraud.
How Criminals Steal Information
There are a number of crimes that can be considered credit card hacking. These crimes involve using stolen credit or debit information to steal money from people’s bank accounts. Here are the main ways criminals can steal someone’s information.
Scammers can steal credit or debit card information using a small device called a skimmer. The skimmer attaches to a card reader on an ATM machine or gas station pump and steals your card information when you swipe your card. Skimmers blend in with the equipment and don’t inhibit a card reader from working properly, so they often go unnoticed.
Skimmers make it easy for criminals to steal data from a card with a magnetic stripe. This is because the data on magnetic stripe cards don’t change, and criminals can repeatedly replicate the data. EMV chip cards, however, create a unique transaction code every time they’re used for payment. If credit card information is stolen at a business that has not yet employed EMV technology, then that business is held responsible in the event that fraud does occur.
Savvy cybercriminals use phishing scams to trick their victims into giving them their information. Phishers act as a legitimate organization, such as a bank, business or government department, and send unsolicited messages via email, phone or text asking you to hand over your sensitive information. Criminals can also create fake sites that pose as a real website to steal your data.
Scammers can install malware (short for malicious software) on someone’s phone or computer without them knowing. Clicking on an infected link or downloading an infected app can get the malware onto your device. The software goes undetected and searches for sensitive data, which is sent back to the cybercriminal running it.
Criminals who steal information can sell it to other criminals on what’s called the dark web. Think of the dark web as the internet’s black market. This information could include a person’s name, address, birthdate, contact information and/or credit card number.
Protecting Sensitive Information
Any business or person can fall victim to fraud. Fortunately there are many steps you can take to mitigate your risk. Consider these tips to protect your business and your customers from cybercriminals.
Strengthen Your Website
With the rise of cybercrime, make sure you are employing the best tools and strategies to keep your website and payment processes secure. Use an ecommerce platform that has built-in anti-fraud protection and offers risk management support to mitigate the risk of fraud. Implement advanced anti-fraud solutions and software on your site, including tools that regularly scan your site for malware and other threats. Advanced online fraud protection solutions will allow you to detect threats quickly and respond before it’s too late. No matter the type of software you use, make sure you update it as new updates become available.
To keep customer data secure, maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS). All companies that process, transmit or store customer data are required to be PCI compliant. The standard is constantly evolving, so ensure your business is adapting with these changes to avoid new and emerging vulnerabilities.
Screen Suspicious Activity
Use a secure online credit card processing platform that flags suspicious activity, such as:
- The use of suspicious email accounts, such as firstname.lastname@example.org
- Multiple orders placed by the same person and shipped to different addresses
- Multiple orders placed by the same person using different credit cards
- Multiple and/or large orders of big ticket items
- An IP address that doesn’t match the credit card address
- Orders placed with a U.S. card but shipped to a foreign country
The platform will alert you when suspicious activity occurs, so that you can investigate the order. To also avoid fraudulent transactions, limit the number of times a customer can enter their credit card information. While a customer can mistakenly enter their information incorrectly once or twice, multiple wrong entries likely means a criminal is trying several stolen credit cards hoping that one goes through.
Require Credit Card Security Codes
The security code is the three-digit number located on the back of the credit card. For American Express cards, the security code is the four-digit number printed on the front of the card. The code is not stored in the card’s magnetic stripe or chip and is not printed on receipts. Therefore, it can’t be easily stolen. In order to enter the security code, a person must have the physical card in their possession. To ensure the person is in possession of the card, always require your customers to submit the security code before approving a purchase.
Require Strong Customer Passwords
When your customers create an account on your website, require them to use a strong password. A strong password is one that’s long and contains a combination of numbers, symbols, and lowercase and capitalized letters. Also encourage them to not use the same password as their other accounts. Using strong and diversified passwords can help prevent hackers from uncovering them.
Online crime is a growing problem, and cybercriminals are becoming more sophisticated in their attacks. But, being aware of the potential threats and implementing smart anti-fraud protection strategies can help you minimize the risk of fraud and protect your customers and your business.