04 Oct Too Much Security? There’s No Such Thing
Retailers are retailers, not security experts. Too often, their best efforts can create friction at the point of sale for consumers, which leads to shopping cart abandonment and lost revenue, all while feeding the illusion of “too much security.”
It goes without saying that eCommerce security is paramount as cybercriminals get smarter and more creative. Between account takeovers, business logic abuse, loyalty and reward points fraud and other cybersecurity attack methods, companies are not only suffering financial damages but brand image damages too.
Yet surely there is a line — a point where the bell curve peaks and begins its downward plunge — a point where there’s simply too much of a good thing, and the friction introduced on the consumer side is no longer paying off in terms of revenue.
Not according to Angel Grant, director of Global Product Marketing and Strategy for cybersecurity firm RSA. “There’s never ‘too much’ security,” Grant said. “But there can be too-intrusive security. It’s not too much security; it’s focusing on the right security.”
So how does a merchant focus on the right security and prevent their customers from abandoning shopping carts? Grant said they must understand what they are fighting in a world of changing threats and changing defenses.
That’s why cybersecurity firm RSA recently teamed up with 451 Research to produce a white paper outlining how merchants can balance good business with good security and focus on what they really care about: making customers happy. Here are a few of the top things every eTailer should know about fraud in 2017.
1. Card Not Present Fraud Is A Big Threat. EMV chip cards have made it more difficult and expensive for fraudsters to clone cards, so cybercriminals are focusing on channels where they don’t need to present one — namely, eCommerce. And buying stolen credit card digits is easier than ever. Cybercriminals aren’t even hiding the activity within the dark web anymore — just try searching “CVV” on Facebook to see how they’re transacting in plain sight. On top of that, phishing emails today may present official logos and names or even mimic the writing patterns of a CEO or other executive to trick recipients into clicking on malicious hyperlinks. These links lead to mock websites where phishers wait to capture log-in data.
2. The Bad Guys Know How To Play The System. Cybercriminals have learned to abuse business logic, meaning they know the navigation paths around a website, the logic of how it is set up and the vulnerabilities to exploit. There are ways for honest customers to get discounted rates or coupons. A fraudster can use his knowledge of those vulnerabilities to compound discounts at the point of sale without being detected. For example, on a wireless transfer site, live approval may be required for transfers exceeding $10,000. A fraudster abusing the business logic of the site may initiate 10 transfers of $1,000 each to slip under the radar.
3. Legacy Solutions Alone Are Not Enough Anymore. Legacy solutions are good at what they do and are still necessary, said Angel Grant. For example, web application firewalls are needed to filter inbound traffic and search for software defects. But they can’t detect an account takeover or business logic abuse. Today’s merchants need predictive analytics and behavior analytics tools to create deep entity profiles of their customers, which introduce more hoops for the fraudster to jump through and fewer for customers.
4. More Solutions Aren’t Better Unless They’re Working Together. Rather than keeping their fraud solutions in silos, eTailers are better off centralizing their fraud management strategy so that the technologies they’ve invested in can complement each other. An independent survey by RSA showed that 57 percent of organizations were using four to 10 different tools within their anti-fraud operations strategy. Centralizing those tools would increase their fraud detection rates exponentially and, at the same time, would reduce customer friction and merchant expense to maintain the system.
5. Solve These Core Problems And The Rest Will Follow. Merchants must be able to identify and respond to external threats — ideally, before they happen or in the early stages of an attack. They should invest in tools that will give them visibility into traffic across channels and trends between customers shopping online, whether those are registered customers or one-time shoppers. Memorize what “normal” looks like so that, when the inevitable fraud attack comes, it will be easy to spot. No breach is ever good news for the brand, but how a company prepares beforehand (or responds in the aftermath) can make a big difference.
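The split-transfer scenario in item 2 slips past a per-transaction rule, so a check for it has to track each account's running total over time. The following is an added example, not code from RSA, 451 Research or the original article; the 24-hour window, the event layout and the account names are assumptions, and the sample transfers are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

APPROVAL_THRESHOLD = 10_000    # live-approval limit from the article's example
WINDOW = timedelta(hours=24)   # assumption: look-back window for the running total

def flag_split_transfers(transfers, threshold=APPROVAL_THRESHOLD, window=WINDOW):
    """Flag accounts whose individually small transfers add up to the
    approval threshold inside the window.
    transfers: iterable of (timestamp, account_id, amount_in_dollars)."""
    recent = defaultdict(deque)   # account -> (timestamp, amount) pairs in window
    totals = defaultdict(int)     # account -> sum of amounts held in `recent`
    alerts = []
    for ts, account, amount in sorted(transfers):
        if amount > threshold:
            continue              # the per-transfer rule already sends this to review
        q = recent[account]
        q.append((ts, amount))
        totals[account] += amount
        while ts - q[0][0] > window:      # expire transfers older than the window
            totals[account] -= q.popleft()[1]
        if len(q) > 1 and totals[account] >= threshold:
            alerts.append({"account": account, "at": ts,
                           "count": len(q), "total": totals[account]})
            q.clear()                     # one alert per burst
            totals[account] = 0
    return alerts

def sample_transfers():
    """Constructed sample data, not real transactions."""
    start = datetime(2017, 8, 18, 9, 0)
    # acct-A: ten $1,000 transfers five minutes apart (the article's scenario)
    rows = [(start + timedelta(minutes=5 * i), "acct-A", 1_000) for i in range(10)]
    # acct-B: the same amounts spread over ten days (ordinary activity)
    rows += [(start + timedelta(days=i), "acct-B", 1_000) for i in range(10)]
    # acct-C: one large transfer that the existing approval rule already catches
    rows.append((start, "acct-C", 12_000))
    return rows

if __name__ == "__main__":
    for alert in flag_split_transfers(sample_transfers()):
        print(alert)
```

Only acct-A is flagged: acct-B never accumulates enough inside one window, and acct-C is left to the existing live-approval rule.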
The modern world isn’t kind to eTailers, but if they batten down the hatches, they can weather the fraud storm and reduce lost revenue.
“New attacks emerge every day,” said Grant. “That’s never going to stop. It’s just a matter of taking a look at that attack and applying or modifying existing technology to solve it.”
*** This content originally appeared on PYMNTS.com on August 18, 2017.