While online shopping and mobile payments are two of the most preferred ways to buy nowadays, including the focal point of many consumer holiday shopping strategies, there is always a concern over fraud at the back of people's minds. The available statistics don't do anything to alleviate that fear. Instead, they are cause for greater concern.
Fraud is Still on the Rise
In 2016, fraud attempts grew by 31% during the holiday season compared to 2015. The highest fraud attempt days included Christmas Eve, Shipment Cutoff Day, and Shipment Cutoff -- Express Day.
Since these were the highest online purchase volume days, it makes sense that most fraudsters tried during this period. The breakdown of fraudulent attempts was one in every 97 transactions versus one in every 109 transactions in 2015.
According to Loss Prevention Media, 2017 holiday retail fraud will increase despite increased knowledge and security technology. For example, they estimate a 5% increase in fraudulent returns during the 2017 holidays both in-store and online.
However, there are still strategies that you can implement that can help you slow or stop holiday fraud attempts that involve getting their hands on your customers' data. These seven strategies will help you avoid the risks and costs associated with retail fraud.
1. Invest More Time in Training
It's well worth taking considerable time before and during the holiday season to train and reinforce the proactive security tactics you are putting into place. Explain how fraud is committed. Those handling transactions can then understand vulnerabilities and risks.
This includes going over how they can tell if POS equipment has been tampered with or explaining what types of red flags indicate online transaction fraud.
Consider using augmented reality training. Staff experiences various situations so they can practice responding to these suspicious situations and improve the way they handle it.
2. Go Tactical to Combat Card Not Present Fraud
Understand what to look for that indicates stolen customer data. Use an address verification service (AVS) and ask for security codes. Also, verify the device, IP geolocation, and IP address. This could also severely hamper what a fraudster is trying to do and shut them down from trying to use stolen credit card data.
3. Keep Adding Security Layers
The reality today is more security layers. There is really no other way to ensure that you have done enough -- except putting more layers. That's because the more layers you have, the more frustrated the thief will become because they cannot get what they want quickly and get out.
This will often lead them to give up on their online skimming attempts and go elsewhere until they find a retailer that has made it easy for them. Generally, the smaller the business, the more a thief will go after you.
That's why certain situations are labeled as "crimes of opportunity." Please, don't give these dregs of society that opportunity this year. Instead, use tokenization, end-to-end encryption, and other security measures.
Use patches, updates, passwords, and even biometrics, if possible. Think of each layer as another wall between you and the criminal. At some point, they will reach still another wall and decide they have had enough. Again, generally, thieves tend to be lazy.
4. Become PCI Compliant
First, PCI compliance is mandatory if you accept credit card payments.
Second, showing your PCI compliance logo on your website will discourage fraudsters. This will alert them to the fact your security system is like a fortress. This is somewhat like making sure that your home security company’s sign is out front and the security stickers on the windows. Again, the harder it is for a thief, the more likely they will go elsewhere where they are more likely to have success and less likely to get caught.
Third, this compliance serves as your checklist to make sure you have built the most secure system for your customers’ data as possible. If you have more than one business, make sure you know the rules about compliance with multiple businesses.
5. Gang Up on Fraudsters by Sharing Threat Data with Other Retailers
Consumers used to use checks and some of these customers, or clients wrote bad ones. To combat fraud then, lists of names would be circulated and shared among retailers. In this way, each business was alerted in advance who not to accept checks from. The cashier would make certain to check the list of customer names before taking a check.
The same strategy can work today and also become more efficient thanks to the ability of online channels to share faster and across a wider circle of retailers. Let’s all help each other. When one business is hurt by fraud -- we are all hurt by it.
One place to share threat data you may have collected is with open source threat intelligence communities that include open and closed groups. These groups are a powerful way to band together to stop these fraudsters.
6. Don't Hang Onto Customer Data Forever -- or At All
If you are PCI compliant then you are already aware of what data you are allowed to store and what you should not keep under any circumstances. Only keep the type of customer data you will need for handling a return or tracking a shipment.
You don't need credit card numbers or that type of data in your system. Don’t do it, because it only puts you at risk for the mishandling your customers' data. Much of theft data proves that it is generally carried out by an employee. Don’t even put that risk or temptation in front of them.
7. Be Aware of and Combat SQL Attacks
Structured Query Language (SQL) is an injection attack. It’s a programming computer language where the language communicates with your database. SQL is most often used in management systems of the database. SQL attacks are becoming more frequent and can be a very dangerous threat to your customer data.
Hackers can essentially -- with this code -- brainwash applications on your system into doing what they want, including giving them access to customer data.
You can combat these types of attacks on your customer data by using an API to identify SQL vulnerabilities and help prevent a breach. You will also need to continually update the software you use and regularly have security inspections. It is preferable that a security check be done on a schedule of one before and after the holiday seasons.
Be Ready This Holiday Season
Whether it involves your in-store or online payment system or any other place you have sensitive data. With security tightening up, arm yourself with as much security as you can, and be proactive.
The fraudsters will return with a vengeance this holiday season. Shut them down so that you and your customers can truly enjoy the holidays together. Let’s be ready.