Three quarters of point-of-sale merchants in the US either aren’t ready for or don’t know about the EMV liability shift, which takes place on Oct. 1, 2015. The prospect has fraudsters and hackers chomping at the bit.
Once hackers are unable to penetrate the unique chip code EMV cards generate, they will turn their wrath to e-commerce businesses. It happened in Europe when e-commerce took hold in the late 1990s and early millennium, then again in Canada when it migrated from magnetic-stripe cards to EMV cards.
Without proper and timely action, e-commerce merchant accounts, and the merchants and customers they serve, are in grave danger from hackers.
Card-Not-Present Fraud: ‘It Will Be Worse’
Because US businesses and consumers have Europe and Canada as post-EMV models to follow, logic has it that the heavily predicted card-not-present (CNP) fraud won’t be as rampant here. An industry insider disagrees and believes CNP fraud will be worse than it was in either place.
“I think it will be worse. Only 25 percent of merchants know what EMV is, and it’s coming in two months,” said Ed Black, the Director of New Business and PCI Compliance at Comodo, an internet security provider. “We also know from the Verizon report that only 29 percent of merchants stay PCI compliant within a year of attestation.”
3 Things Online Merchants Should Do
Remember that scene in the 1984 film Gremlins where the small group of critters falls into a swimming pool, multiplies in the thousands and wreaks havoc in the small town? A hacker penetrating an e-commerce website can be looked upon similarly. Once the hacker has penetrated a business’ website, he now has access to the credit card data of its customers.
Upgrade Operating Systems: Hackers prey on merchants that use old operating systems, such as Windows XP, that no longer receive security fixes and upgrades. “Windows XP no longer keeps up with the needs and threats of 2015,” said Mr. Black. “Windows doesn’t make patches or support it any longer, yet hackers know that people still use it. And they exploit those weaknesses.”
Quarterly PCI Scans and Penetration Testing: Merchants simply need to decide how valuable their business is and how much they want to invest to protect it. PCI scanning costs less than $100 per year. Penetration testing, required for some merchants, is upwards of $7,000 a year.
“Penetration testing is very labor intensive,” said Mr. Black. “If you are an e-commerce merchant and fall under the A-EP, C or D merchant categories, it is required. It is now the cost of doing business.”
Invest in TLS Certificates: Merchants need to upgrade from SSL certificates to TLS (Transport Layer Security) 1.2 to protect their e-commerce merchant accounts. “TLS certificates can be relatively inexpensive depending on how many domains, subdomains and IPs need to be covered,” Mr. Black noted.
Considering the consequences, losing your customers’ credit card data and possibly your business, compliance with PCI DSS 3.0 and 3.1 is a necessary investment.
Protecting E-Commerce Merchant Accounts with Instabill
Instabill and Comodo entered into a partnership in late March to offer merchants advance notice, preparation and defense for the expected onslaught of CNP fraud. Speak with a merchant account manager one-on-one about protecting your e-commerce merchant accounts at 1-800-318-2713 or by clicking the live chat option below.