Businesses face a constant challenge when it comes to fighting against fraud.
A 2015 report by Financial Fraud Action (see below) showed that payment fraud, in particular, is a growing headache for businesses and consumers alike – up 6% in 2014 and resulting in losses of £479m on UK-issued cards.
In this contributed article from Paul Clarke, product director at Global Payments Acceptance at Barclaycard, we find out how businesses can protect themselves against the fraudsters.
There are a number of factors driving this increase. Firstly, the growth of mobile commerce presents new challenges for retailers. While previously they only had to ensure the security of their desktop website, they now have multiple platforms which need protecting from fraudsters. Secondly, the rise in cross border shopping has opened the door to additional cyber-threats around the world, so businesses need to be more vigilant than ever before.
Defending against data breaches
Data breaches are one cause of payment fraud. These can lead to the theft of customer data, including card details, which can then be used to make fraudulent transactions. Research suggests SMEs are just as much at risk as their larger corporate counterparts. According to UK government figures from June 2015, 74% of SMEs had suffered information security breaches within the previous year, and industry experts predict that this will rise in the next three years. This means it is more important than ever for small businesses to ensure they have the appropriate protection in place – and fortunately, it’s easier than it may seem.
Businesses can deploy some simple measures to keep their systems – and therefore their customers – protected. Making sure you understand and follow these procedures will go a long way towards keeping the data you hold safe, ultimately helping to avoid an incident of payment fraud.
- Cover the basics: Firstly, all businesses should complete a risk assessment to understand what potentially sensitive or valuable information is being held, and where it is. This informs what controls are needed to protect customer data. By identifying what data is attractive to criminals, you will be in a much better position to take the right precautions to keep it safe.
- Adhere to standards: Make sure you are compliant with the Payment Card Industry Data Security Standards (PCI DSS), which are designed to ensure that you’re processing and storing customer card data as securely as possible. Being compliant won’t stop your business from being targeted by data thieves, but it will make sure that you’re in the best position to prevent an attack, helping you avoid financial and reputational losses.
- Enlist your web developer: Ask your web developer how they are protecting customer information, including personally identifiable data. Web developers should also frequently conduct patch management, monitor your site for suspicious activity and regularly search for traces of malware.
- Keep the conversation going: Security is not a one-off cost; it’s an ongoing – and essential – business investment. Maintain a dialogue with your web developer and payment provider to keep abreast of the latest cyberthreats and solutions – this will ensure you stay protected even as the landscape changes.
In the event that data is compromised, businesses should stay alert – this is because one merchant’s data breach may lead to fraud on the website of another. Fortunately, the payments industry has put in place a number of measures to help restrict the damage. Existing solutions include 3D Secure, Card Security Code and the Address Verification Service.
These all require customers to enter additional information at the point of sale during card-not-present transactions to assess whether the transaction is genuine. Additionally, the Industry Card Hot File – a subscription service which compares card details against a list of lost or stolen cards – can help to block attempted transactions made as a result of a data breach.
Implementing security best practice will go a long way towards protecting your data and that of your customers. It will also ensure that, even in the event of a breach, you are in the best position possible to continue trading and mitigate the financial and reputational impact on your business.