Too Much Security? There’s No Such Thing


Retailers are retailers, not security experts. Too often, their best efforts can create friction at the point of sale for consumers, which leads to shopping cart abandonment and lost revenue, all while feeding the illusion of “too much security.”

It goes without saying that eCommerce security is paramount as cybercriminals get smarter and more creative. Between account takeovers, business logic abuse, loyalty and reward points fraud and other cybersecurity attack methods, companies are not only suffering financial damages but brand image damages too.

Yet surely there is a line — a point where the bell curve peaks and begins its downward plunge — a point where there’s simply too much of a good thing, and the friction introduced on the consumer side is no longer paying off in terms of revenue.

Not according to Angel Grant, director of Global Product Marketing and Strategy for cybersecurity firm RSA. “There’s never ‘too much’ security,” Grant said. “But there can be too-intrusive security. It’s not too much security; it’s focusing on the right security.”

So how does a merchant focus on the right security and prevent their customers from abandoning shopping carts? Grant said they must understand what they are fighting in a world of changing threats and changing defenses.

That’s why cybersecurity firm RSA recently teamed up with 451 Research to produce a white paper outlining how merchants can balance good business with good security and focus on what they really care about: making customers happy. Here are a few of the top things every eTailer should know about fraud in 2017.


1. Card Not Present Fraud Is A Big Threat

EMV chip cards have made it more difficult and expensive for fraudsters to clone cards, so cybercriminals are focusing on channels where they don’t need to present one — namely, eCommerce. And buying stolen credit card digits is easier than ever. Cybercriminals aren’t even hiding the activity within the dark web anymore — just try searching “CVV” on Facebook to see how they’re transacting in plain sight. On top of that, phishing emails today may present official logos and names or even mimic the writing patterns of a CEO or other executive to trick recipients into clicking on malicious hyperlinks. These links lead to mock websites where phishers wait to capture log-in data.


2. The Bad Guys Know How To Play The System

Cybercriminals have learned to abuse business logic, meaning they know the navigation paths around a website, the logic of how it is set up and the vulnerabilities to exploit. There are ways for honest customers to get discounted rates or coupons. A fraudster can use his knowledge of those vulnerabilities to compound discounts at the point of sale without being detected. For example, on a wireless transfer site, live approval may be required for transfers exceeding $10,000. A fraudster abusing the business logic of the site may initiate 10 transfers of $1,000 each to slip under the radar.
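A defender's view of the split-transfer case described above, as an added example that is not part of the original article: the check sums each account's sub-threshold transfers over a rolling window and flags the account when the total reaches the approval limit. The 24-hour window, the account names and the sample rows are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

APPROVAL_LIMIT = 10_000        # per-transfer live-approval threshold from the article
WINDOW = timedelta(hours=24)   # assumption: the look-back period is a policy choice


def find_split_transfers(transfers, limit=APPROVAL_LIMIT, window=WINDOW):
    """Flag accounts whose sub-limit transfers add up to the approval limit.

    transfers: iterable of (timestamp, account_id, amount) in any order.
    """
    recent = defaultdict(deque)   # account -> (timestamp, amount) still in window
    totals = defaultdict(int)     # account -> running sum of that deque
    alerts = []
    for ts, account, amount in sorted(transfers):
        if amount > limit:
            continue              # goes to live approval on its own
        q = recent[account]
        q.append((ts, amount))
        totals[account] += amount
        while ts - q[0][0] > window:          # expire aged-out transfers
            totals[account] -= q.popleft()[1]
        # Assumption: aggregate rule is >= so ten $1,000 transfers are caught.
        if len(q) > 1 and totals[account] >= limit:
            alerts.append({"account": account, "at": ts,
                           "count": len(q), "total": totals[account]})
            q.clear()             # one burst raises one alert
            totals[account] = 0
    return alerts


def sample_transfers():
    """Constructed sample data, not taken from any real system."""
    start = datetime(2017, 8, 1, 9, 0)
    rows = [(start + timedelta(minutes=20 * i), "acct-A", 1_000) for i in range(10)]
    rows += [(start + timedelta(days=3 * i), "acct-B", 1_000) for i in range(10)]
    rows.append((start, "acct-C", 12_000))   # single large transfer, normal path
    rows.append((start, "acct-D", 4_500))    # one ordinary transfer
    return rows


if __name__ == "__main__":
    for alert in find_split_transfers(sample_transfers()):
        print(alert)
```

Only the account that sends ten $1,000 transfers within a few hours is flagged; the same ten transfers spread over weeks, and a single transfer that already triggers live approval, are not.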


3. Legacy Solutions Alone Are Not Enough Anymore

Legacy solutions are good at what they do and are still necessary, said Angel Grant. For example, web application firewalls are needed to filter inbound traffic and search for software defects. But they can’t detect an account takeover or business logic abuse. Today’s merchants need predictive analytics and behavior analytics tools to create deep entity profiles of their customers, which introduce more hoops for the fraudster to jump through and fewer for customers.


4. More Solutions Aren’t Better Unless They’re Working Together

Rather than keeping their fraud solutions in silos, eTailers are better off centralizing their fraud management strategy so that the technologies they’ve invested in can complement each other. An independent survey by RSA showed that 57 percent of organizations were using four to 10 different tools within their anti-fraud operations strategy. Centralizing those tools would increase their fraud detection rates exponentially and, at the same time, would reduce customer friction and merchant expense to maintain the system.


5. Solve These Core Problems And The Rest Will Follow 

Merchants must be able to identify and respond to external threats — ideally, before they happen or in the early stages of an attack. They should invest in tools that will give them visibility into traffic across channels and trends between customers shopping online, whether those are registered customers or one-time shoppers. Memorize what “normal” looks like so that, when the inevitable fraud attack comes, it will be easy to spot. No breach is ever good news for the brand, but how a company prepares beforehand (or responds in the aftermath) can make a big difference.

The modern world isn’t kind to eTailers, but if they batten down the hatches, they can weather the fraud storm and reduce lost revenue.

“New attacks emerge every day,” said Grant. “That’s never going to stop. It’s just a matter of taking a look at that attack and applying or modifying existing technology to solve it.”

*** This content originally appeared on August 18, 2017

BASYS Processing as a business partner 

Does your current processor understand the unique struggles of your industry? Do they provide great rates and personal customer service? Are they offering solutions to grow your business and being proactive about helping you reduce risk and increase your savings? 

Contact BASYS today to learn more about innovative payment solutions that will save you time and money. We make accepting debit cards and credit cards convenient, safe and affordable. 

BASYS Processing features: 

• A friendly, live voice will answer the phone when you call; no automated phone systems
• In-house PCI Compliance team to walk you through the process step-by-step, improving security and reducing costs
• A knowledgeable Account Manager assigned to your business to support your needs 
• Accept payments in person, over the phone or online
• Next-day funding options 

About BASYS Processing 

BASYS Processing provides credit card and debit card processing services, plus solutions that include terminals, virtual terminals, e-commerce, mobile, and point-of-sale, customized to fit any need.  Banks, associations, and software partners depend on us to strengthen their reputations and relationships with their customers by providing remarkable service paired with ultimate flexibility and pricing. Merchants depend on us to make accepting credit cards and debit cards convenient, safe & affordable. BASYS was founded in 2002 on one philosophy: to take care of our merchants, partners, and employees so they never want to leave. We are dedicated to working one-on-one with our customers to design the perfect solution. BASYS is Personal Payment Processing. 
