We look forward to receiving the annual Verizon Data Breach Investigations Report simply because the findings very much impact what we offer: credit card merchant account services. We don’t look forward to what we’re going to find, however, because fraud rates have only been escalating while tactics have become ever more creative and elusive.
Because we’re in the business of offering merchant credit card services to businesses worldwide, our goal is to get merchants processing payments securely and keep them processing payments.
Verizon’s report wasn’t surprising to us; it is obvious there is more fraud committed today than ever before. One factor, however, left us aghast: human error is still a key problem in facilitating data breaches, allowing criminals through the safeguards to get what they want.
Two years ago we saw fraud expert Frank Abagnale, Jr. (of Catch Me if You Can fame), speak at the 2016 Money2020 trade show in Las Vegas, and a quote of his has stuck with us ever since. He said that every data breach happens because someone did something they weren’t supposed to do, or didn’t do something they were supposed to do.
What did the Verizon Data Breach Investigations Report find?
Back to our rant about human error in fraud…
The Verizon report detailed that fraudsters still target and exploit company employees the most, particularly in two forms of social attacks:
- Financial pretexting, where the fraudster lies or makes a misrepresentation of some form in order to get access to financial information.
- E-mail phishing attacks, where fraudsters claim the identity of another person or entity (such as the Nigerian prince, e-commerce giant Amazon, or in one of our most recent cases, Janet Yellen, the Chair of the Board of Governors of the U.S. Federal Reserve).
Human resources officers always in the crosshairs
Verizon reported that the frequency of pretexting attacks has grown fivefold from what was reported in the 2017 report, and noted that human resources staffers, usually the gatekeepers of personal information for any business, are the most popular targets for fraudsters.
Human error, continued
According to Verizon, a vast majority (78 percent) of employees passed phishing tests over the last year, but there is still a significant population that cannot distinguish a phishing e-mail from a legitimate one. In his presentation two years ago, Mr. Abagnale reiterated that it only takes one person taking a phishing e-mail or financial pretext seriously.
Ransomware still the most common
Ransomware, the act of seizing control of a website for a ransom payment (usually in some form of cryptocurrency), continues to be the most prevalent threat. Verizon found that hackers are infiltrating businesses’ critical systems rather than random employee desktops, which has led to larger ransom demands and higher profits for the hackers.
DDoS attacks remain rampant
DDoS (Distributed Denial of Service) attacks also remain among the most popular hacking methods. A relatively easy attack to organize, a DDoS attack involves the use of botnets (thousands of bots) and malware that literally holds a business’s website hostage. When the hackers have rendered a business’s website helpless, a ransom note always follows with demands of thousands of dollars to be paid in cryptocurrency.
Two-plus years ago, a payments industry colleague of ours suffered a DDoS attack, identical to the above scenario, with an email from an Eastern European hacking group demanding 500 bitcoin (then valued at more than $8,000). After consulting several experts, including his hosting company (which refused to host his website any longer), he was able to relaunch his site with a backup template within 36 hours, having only lost three days of edits.
Fortunately, he found another host that specialized in defending against such attacks, and proved that overcoming a DDoS attack is possible with the appropriate proactive measures in place, such as:
- Firewall
- Spam filters
- Anti-virus protection
Equally important are regular patches, upgrades and updates as well as employee education.
What does this have to do with credit card merchant account services?
What the Verizon report signals is the dire need for all companies to undergo some type of instruction on recognizing cyber attacks, particularly the ones we mentioned, simply because people are still clicking on links to malware, thus endangering their workplaces.
Moreover, consumers only hear about the large companies that fall victim to data breaches: Equifax, Macy’s, Adidas, Sears and most recently, Facebook. Little do consumers and merchants know that more than two-thirds of data breaches happen to small businesses — merchants who depend on credit card merchant services.
Secure credit card merchant account services with Instabill
When merchants are processing transactions, everybody wins. This is why our priority is matching our merchant partners with the best and most secure acquiring banks for their business. Better, we’re on hand throughout the merchant account relationship; just telephone us at 1-800-530-2444.
Have a conversation today about the best credit card merchant account services.