Merchants have a tool for fighting fraud and most may not even know it: we call it cyber threat intelligence sharing, a fancy title for sharing your story of a recent cyber attack you may have suffered or prevented.
Obviously, there is a war in progress between e-commerce merchants and hackers, especially small business merchants, and there is no end in sight. Your story may encourage another merchant to be proactive, to take further precautions or prevent another from falling victim to a scheme.
About a year ago, we read a terrific piece in Payments Source on how hacking, DDoS and information theft are big industries in certain parts of the world, whose culprits share information.
So, why shouldn’t e-commerce merchants?
Four cyber threat intelligence stories to learn from
Cyber threats expand far deeper than stealing a few credit card numbers from an online merchant. Below are some of the things we’ve seen our colleagues endure:
1. ‘We have control of your website…’
We have a competitor/partner who was unable to view his website one Friday morning about a year ago. While checking his e-mail, he noticed a ransom letter from someone representing an Eastern European hacking group demanding he pay 500 bitcoin (at the time, about $8,000) for its release within 72 hours. Failure resulted in an increase of 300 BTC per day.
Luckily, he had his website backed up every three days. With a little maintenance and a new IT security provider, he was able to re-launch within 24 hours.
The moral: Make certain your website files are backed up.
2. ‘You are heir to a fortune’
We get phishing e-mails all the time, from the Nigerian prince to others that resemble legitimate companies seeking sensitive and valuable information. I make it a point to take screenshots of them and share them across our social media channels.
3. ‘Congratulations on your new online account’
Last fall we received a congratulatory e-mail for opening an online shopping account at Walmart. It was a legitimate account under a general company e-mail that we use.
Firstly, no one here opened an online account with Walmart. So we blogged about it, then shared it on social and the good folks at Walmart e-commerce closed the account. We received several messages thereafter from folks who told the same story.
We also turned the matter over to our outstanding IT provider, who also confirmed it was a legitimate account, and that the objective from the hacker was to poach further information from us. He was unsuccessful.
4. Transaction Laundering
Since we offer merchant accounts to high risk e-commerce businesses, we’ll get the occasional inquiry from a merchant whose website raises red flags. One merchant seeking payment processing sold school supplies – ridiculously expensive school supplies – while charging ungodly amounts for items anyone can purchase for far less money at any retail store.
We confronted the merchant about this, but he denied any foul play and professed his legitimacy. We deemed he was too high a risk. Within the month, his site was offline.
The 3 best ways to share cyber threat intelligence
We’re big fans of blogging here at Instabill, not only because it is a vital tool in ranking high in online search, but we feel a responsibility to deliver relevant, helpful content — including cyber threat intelligence — to our network of merchants, ISO partners and acquiring banking partners.
Having a blog is your platform to tell your story. Getting folks to find and read it, however, is another challenge.
- Blog: Your website’s blog is the ultimate medium to tell your story about how you were hacked, what you did in the aftermath and what future preventative actions your taking. But how do you get people to find it? Read on…
- Social channels: Every merchant shares on social media to some degree. At Instabill, we have seven social media profiles – some more effective than others – and we utilize them as best as we can. Our most effective channels are Twitter, LinkedIn and Facebook, with well over 1,000 followers on each. By sharing on each, we’ve built a significant readership.
- Forums: Sharing on some forums is tricky. Many, such as Reddit, may not allow the sharing of blogs or attempts for inbound traffic. However, condensing your story and soliciting feedback – i.e., has anyone experienced this? What can I do? – is an excellent way to get your story out there and educate yourself.
Safeguard your merchant account
For more information on merchant account fraud protection for your business, contact an Instabill merchant account manager at 1-800-530-2444.