We’re not big on New Year’s resolutions here, but there are a few things e-commerce merchants might want to take into consideration for 2017, if they have not already, regarding credit card fraud.
It’s going to get worse.
As a reminder, the U.S. migration from magnetic-stripe credit cards to those with a microchip is resulting in significantly fewer cases of credit card counterfeiting, as Jim Daly astutely notes in a recent Digital Transactions article, and way more cases of card-not-present (CNP) fraud.
The Alarming Truth About Credit Card Fraud
Just over a year ago, for a contribution to The Green Sheet, we wrote about the forthcoming spike in card-not-present fraud, which is happening en masse to no one’s surprise. Our expert source for the piece was Benjamin Hosack, the co-founder of Foregenix, a digital forensics and information security firm based outside London.
What he told us was alarming:
- From 2013 to 2014, he saw six times the amount of CNP attacks on e-commerce businesses. “It’s been easy for them,” he told us, referring to hackers.
- Hosack also noted that, through an experiment, he and his colleagues received a list of the top one million websites worldwide for payments transactions, and found security deficiencies in thousands of them. “Any serious attacker knows what to look for.”
- And he said this: “We believe there are going to be some really challenging times ahead for the U.S.”
How Merchants Can Prevent Credit Card Fraud
While the outlook for U.S. merchants (and consumers) looks and sounds grim, they aren’t defenseless by any means. When we asked Mr. Hosack about what merchants can do to protect themselves, he didn’t mention 3D Secure, SSL certificates or PCI compliance (although they most certainly will help).
His first piece of advice for merchants was to outsource their payment platform to the payment service provider or acquiring bank. His reasoning was clear: Not only do the hackers need to penetrate the merchant’s website, but they must also infiltrate the transaction process. When a merchant uses a third party to host its payment processing, it’s a massive hurdle for hackers.
Here are the four remaining tips from Mr. Hosack:
- Invest in a web application firewall: Online merchants (and your average computer owner) may forget to install security updates and patches. A web application firewall acts as a virtual patch.
- Monitor changes on your e-commerce website: Is it suddenly slower? Are there new files, missing files or changed settings? These are signs that your system has been infected with malware.
- Don’t skimp on your e-commerce platform: WordPress, Magento and osCommerce are regarded as the best e-commerce website platforms, offering routine patches and security updates.
- Test your site regularly: Partnering with a company (such as Foregenix) which tests regularly for vulnerabilities is a worthwhile investment.
Instabill is a Step Ahead
When merchants sign on with Instabill, we link the website’s checkout page to the secure payment gateway of the acquiring bank with which we match your business. We also offer security solutions such as 3D Secure, SSL certificates as well as PCI compliance through one of our partners.
Discuss securing your online business with a live merchant account manager at 1-800-530-2444.