Secure Your Data: Protect Your Customers & Your Business
There’s no mistaking that we are gradually becoming a cashless society. Even though hard currency will be around for a while yet, there are ways to make convenient purchases without it, from the old-but-evolving credit card to using cutting-edge technology such as your cell phone. We trust these methods to be secure, but criminals still find a way to scam money and steal important information. How can you keep data safe for you and your customers?
How Can Data Be Stolen?
The Better Business Bureau now considers online scams to be the riskiest form of fraud for consumers, and this is apparent when you look at the variety of ways that consumers can be ripped off.
For example, there’s the tech support con. The scammer may send an email, install malware that generates alarming pop-up messages, or make a cold call and pretend to be from a well-known company like Apple or Microsoft. Using lots of smooth talk and technical terms, they’ll ask for remote access to your computer and change its settings, leaving you wide open to a data breach.
Another popular way to cheat consumers is the fake website scam. Criminals will set up a web page that looks exactly like a legitimate one—a bank, for example—and direct people to it with spam emails, with the aim of harvesting their data. These pages can be very convincing, but a little digging around can reveal their true intent. Check the domain name, as a fraudulent site will reference a high-profile brand but won’t be the official web page. Browsing the site can be effective too. Does it offer contact details or a shipping and returns policy? Are there lots of spelling and grammar mistakes in the web copy? This may indicate that it’s been hastily built for a quick profit, and should set off alarm bells.
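The domain-name check described above can be automated for links that customers or staff report. The following is an added example, not part of the original article; the domain `northwind-bank.example`, the brand token and the sample links are constructed placeholders. It contrasts a weak "the official name appears in the link" test with a strict hostname match.

```python
from urllib.parse import urlsplit

# Constructed values for illustration; substitute the brand's published domains.
OFFICIAL_DOMAINS = {"northwind-bank.example"}
BRAND_TOKENS = {"northwind"}

def naive_check(url: str) -> bool:
    """Weak check: the official name appears somewhere in the link."""
    return any(d in url.lower() for d in OFFICIAL_DOMAINS)

def is_official_host(host: str) -> bool:
    """Strict check: host is an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host and is_official_host(host):
        return "official"
    # Brand named in the authority (userinfo or host) of a non-official site.
    if any(tok in parts.netloc.lower() for tok in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"

# Constructed sample links, as they might appear in a spam email.
SAMPLE_LINKS = [
    "https://www.northwind-bank.example/login",
    "https://northwind-bank.example.verify-login.test/login",
    "https://secure-northwind-bank.test/login",
    "https://northwind-bank.example@pay.test/login",
    "https://evilnorthwind-bank.example/login",
    "https://shop.test/sale",
]

def report(links=SAMPLE_LINKS):
    """Map each link to (naive result, strict classification)."""
    return {u: (naive_check(u), classify_link(u)) for u in links}

if __name__ == "__main__":
    for link, (naive, verdict) in report().items():
        print(f"{verdict:9} naive_ok={naive!s:5} {link}")
```

Three of the look-alike links pass the weak check because the official name appears in the text of the link, while the strict match accepts only the first link.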
What is “Skimming”?
Credit and debit card skimming is one of the most popular methods of stealing data. Victims are often completely unaware of the crime until they come across fraudulent charges on their accounts, or find that money has been taken from an account even though their cards never left their sight. How could this happen?
Crooks use a small electronic device, piggybacked onto a payment machine or ATM, to steal information from a card in an otherwise legitimate transaction. When the card is swiped through a skimmer, it reads the magnetic stripe and extracts its information, including the card number, the expiration date, and the holder’s full name and address.
Of course, a thief would need a few undisturbed moments to install such a device, which is why skimmers are often placed at gas stations and on ATMs. Sometimes, they’re even accompanied by a tiny camera that films the unsuspecting card owner entering their PIN. Be sure that your payment machine is not easily accessible to customers if an employee isn’t at the counter.
Shockingly, skimming rings are known to recruit retail and restaurant workers. As you hand over your credit card to pay, the employee may walk away with the card, and this provides the perfect opportunity to steal your information using a handheld device.
Once the data is harvested, it is transferred to a cloned card that can be used for in-store purchases, or sold to the highest bidder over the Internet.
Spotting a Skimmer
The bad news is that unless you’re specifically looking for a skimmer, you may not notice anything out of the ordinary. They’re crafted to blend seamlessly into the machine they’re attached to. However, if you make sure to familiarize yourself with the look and feel of the devices on your premises, you may spot the following:
* A reader that protrudes from the panel – If you notice a card reader that sticks out from the rest of the machine, it may be a skimmer device.
* Parts of the card reader are loose – Any card reader should be securely affixed, and moving parts are a sign that the machine has been tampered with.
* A thicker keypad than normal – This is a sign that a fake keypad may have been placed on top of the real one with the purpose of stealing your PIN. If the keys seem hard to press, cancel the transaction.
Naturally, you should treat any inquiries or complaints about information theft occurring on your retail premises with the utmost concern, and carry out a thorough check of both your payment hardware and computer systems.
How Can You Prevent Online Shopping Fraud?
If a fraudulent transaction has taken place, customers are usually protected, but merchants are not. This means that if you’re a victim, you can lose the product you’re selling as well as the payment itself. Naturally, as a merchant you want to minimize this risk. There are many precautions you can take to help prevent online fraud and protect your customers’ data:
* Process card information manually – If your merchant services are set up to automatically process credit cards, consider changing this. You’ll have the chance to check the details of the order and verify any aspects of it that raise suspicion.
* Verify addresses – With an Address Verification System (AVS), you can add an extra layer to your security. It confirms the cardholder’s billing address, postal code, and phone number with the bank that issued the card. It’s not quite perfect; AVS matches don’t confirm that a purchase is legitimate, as fraudsters may have the correct data, but it certainly makes things more difficult for them.
* Check Card Verification Value (CVV) details – The CVV is the number printed on the signature strip on the back of the card, and you can ask customers to provide this when ordering online. Again, if the number is incorrect it doesn’t necessarily mean that fraud is occurring (the customer may have simply entered the wrong information), but it’s a sign that you should investigate before allowing the purchase.
* Check the IP address of the purchaser – If your suspicions are raised, you can check the IP (Internet Protocol) address to see if it’s legitimate. The IP address is a unique string of numbers that identifies each computer, and you can see if its location matches that of the customer’s home. It sounds very technical, but your merchant host may have provided simple tools you can use to do this.
* Contact your merchant provider and issuing bank – You can verify your customer’s details with a phone call, and the customer’s bank may even make a courtesy call to the customer to verify the purchase.
* Call your customer – Sometimes this is the simplest and most effective way to verify a purchase. Not only can you confirm details, but you’re also providing great customer service. Your customers will be pleased that you’re acting to keep their data secure.
Locking Down Your Customers’ Information
Your business depends on the trust you build with customers, and violating that trust can have a disastrous effect. You could lose the confidence of your clients and thereby lose sales, suffer fraud losses, lose your ability to accept payment cards, or even find yourself being hit with a fine or other legal costs.
Although card readers can be compromised, they’re not the only part of the payment system you should review. Other vulnerabilities include:
* POS systems
* Store networks and wireless access routers
* Credit and debit card data storage and transmission
* Online payment apps and shopping carts
A good starting point to protect these is to make sure that you have high-grade network and email protection that does a good job of filtering out spam, malware and other dangerous files.
Next, take a close look at the computer systems you’re using. Are your operating systems and applications the latest versions? Many criminals exploit software that has not been patched with security fixes, and rely upon you being negligent in keeping your system up to date.
Sometimes, a current operating system still isn’t enough to repel attempts to steal your data. You can install software that will protect your web gateway, and block exploit kits—think of these as the digital version of lock-picking tools—from infecting your system. You should also consider deleting any software that does not have a direct application to your business; it’s an unnecessary security risk.
Take the time to keep abreast of the latest data security threats, and ensure your employees are aware of them also. You owe it to yourself, your business, and most importantly, to your customers.