Crime isn’t the same as it used to be. The days when most fraud was committed by mail or in person are largely gone and replaced by a much simpler and more problematic method. Criminals now work together online to defraud businesses and consumers of their money by hacking databases and stealing information.
We hear about it on the news all the time; big box retailers’ databases are cracked, leading to thousands upon thousands of stolen credit cards, Social Security numbers and other forms of personal information. Anything the company saves in their system gets taken by these cyberattacks. What you don’t typically hear is what these criminals are actually doing with this stolen information.
Would you believe there’s actually an online marketplace where criminals buy and sell stolen credit cards and identities? This can include limited amounts of information, such as simple credit card numbers, down to specific details, such as names, billing and shipping addresses, phone numbers, Social Security numbers and even your mother’s maiden name!
To utilize stolen credit cards, criminal syndicates often work together to place large orders for items that can be easily resold or directly cashed in (such as gift cards) and then coordinate for the items to be picked up at a specific drop location. Like all crimes, these activities often cost both the consumer and the business money in the form of overdraft fees, chargebacks and other penalties (not to mention lost merchandise).
Protecting Your Business
Just because crime is on the rise doesn’t mean your online business needs to be on the receiving end. There are steps you can take to prevent the theft of your customers’ information, and most are neither complicated nor expensive. Depending on the size of your business, different measures will be more beneficial.
For very small businesses of just a few people, it’s a good idea to start by securing the connection of any devices that may process or contain any form of financial information or customer information. That includes credit cards, contact and billing addresses, names, etc. You’ll want a few different tools to secure your devices.
The first is a Virtual Private Network (VPN). A VPN service works to your benefit by encrypting the connection of your device and substituting your IP address with the server’s. This effectively makes your device anonymous and prevents any intercepted data from being used. It also dramatically reduces the likelihood of being a target to begin with.
Hackers, like anyone else, are looking for easy money, and a small business isn’t somewhere they want to spend a ton of time trying to infiltrate layers of security. A VPN is one of the best ways to secure your connection. It also helps to have a good firewall setup, especially if you’re using a static internet connection.
Even though they come standard on most PCs and Macs, you’ll still want a good anti-virus program on any device you use. As tablets and smartphones are increasingly a part of business, you’ll want one on those as well. Malware can be used to perform keylogging, literally sending logs of everything typed on your devices. This is an easy way for hackers to steal passwords to your important business accounts.
Recommended anti-virus programs include those by Avast!, Panda and Malwarebytes. All have professional versions your business can purchase that will improve their functionalities and offer additional useful features, such as theft protection for mobile devices.
Fraudulent Orders
For businesses dealing in larger and more frequent orders, you’ll need to be on the lookout for suspicious activities that may result in stolen merchandise and chargebacks. Spotting unusual orders takes some degree of training on the part of you and your employees, but there are a few things to look out for.
Substantial orders placed by customers who have had no contact with your company are suspicious and should be checked when possible. If able, you should request a telephone contact from your customers, as criminals are unlikely to provide their own telephone numbers and a simple call may stop the whole cycle.
Billing addresses exist for a reason and your company should check that the billing address matches what the credit card company has on file. Though not always a sign of fraud, packages sent with rush delivery to locations other than the billing address can also be suspicious and may warrant a phone call or email notification to alert your supposed customer that a package is on the way.
Be aware of what your product is used for and your target market. If your company is selling primarily US goods to US customers, an order with a US credit card sent to India may be unusual and worthy of suspicion. Keep an eye on your average ticket sales, as fraudulent orders are frequently large purchases.
Ensure your company requires the 3-digit (4-digit for AMEX) verification code on the back (front for AMEX) of the credit card being used. Using a credit card processor to vet cards coming to your business adds to cost, but can help reduce the amount of fraud you’ll have to deal with.
Customer Data
While it can be tempting to keep a detailed record of all your customers and their credit cards, doing so puts their data and your business at risk. Whether the risk comes from an outside attack or from a disgruntled employee, the more information about your customers you retain, the more of a target you are for criminals. If you must save customer information, ensure you use a service to encrypt the data so it can’t be easily read.
Consider using old fashion methods for storing customer data, such as offline computers or physical records. While less convenient, they avoid the risk of cybersecurity breaches. It may simply be best to avoid saving consumer credit information in your database, or at the very least, it should be kept for a minimum amount of time.
Above all, learn from other companies’ mistakes. If your business has grown larger, it may be worth hiring a hacker to attempt a breach of your company so that they can report any security vulnerabilities in your system. Keep backups of important company information, because losing data can also put a serious slowdown on your business.
What are you doing to protect your business from fraud? Have you ever dealt with fraudulent credit cards or purchases? Tell us about your experiences in the comments.