Many Americans love Halloween — the scariest and most frightening holiday of the year. If you love celebrating this time-honored tradition as well, you probably already have some spooky tales and Halloween decorations lined up to delight friends, family and neighborhood children.
It’s all in good fun. Though some horrors are all too real — especially if you’re a merchant that regularly accepts payments online. What kinds of horrors do we mean?
Well, we’re not talking about the usual suspects such as higher merchant fees, stricter regulations and the occasional chargeback. These terrors are very real and can haunt you year-round, but they aren’t what should be keeping you up at night.
No. We’re talking about payment processing security — a multifaceted problem that continues to gain strength with each passing season.
Here’s why this frightening trend is on the rise.
1. Payment Processing Fraud Is Fast
Theft used to be a time-consuming activity. Criminals had to find a mark, rob their victim, and then get away with the stolen goods.
Yet, thanks to the rise of e-commerce, the entire exchange can happen in milliseconds — often from a remote laptop on the other side of the world.
2. Payment Fraud Is Scalable
Crime also used to require proximity. Thieves needed physical access to your cash register to inflict any real damage. Even then, they could only walk off with so much money.
In the online world, though, criminals can steal millions of credit cards all at once — again from an anonymous, remote location.
3. Payment Fraud Is Lucrative
Payment fraud is a multibillion dollar industry. According to The Nilson Report, merchants lose an estimated $24 billion annually to various fraudulent schemes. What’s more, when just speaking about online credit card fraud, we’re talking about $6.4 billion in annual losses.
Also note that these figures only include the monetary damages stemming directly from cybercrime. The true cost is much higher once you factor in:
- Months spent arguing with banks to reverse fraudulent charges.
- The irreversible damage done to your business reputation.
- Potential fees, penalties and litigation — even when you’re not to blame.
Read on. It gets worse.
4. Payment Fraud Is Hard to Punish
Despite all of the above, cybercriminals are rarely — if ever — brought to justice. You might be able to staunch the bleeding and prevent future attacks, but given the anonymous nature of online activity, it is very difficult to catch perpetrators.
Most of them walk away with all of their stolen money intact. Meanwhile, you and your customers spend days, weeks and months trying to pick up the pieces.
It’s not fair, but it’s the world we live in now. The Internet is fertile hunting ground for those who prey on the weakest and least suspecting among us.
Just so we’re clear, these are not cautionary tales or worst-case scenarios. Fears about cybersecurity are legitimate causes for concern. In fact, the Department of Homeland Security estimates that nearly 50 percent of businesses have already experienced some type of cyberattack. Although we typically read about data breaches targeting major companies, smaller businesses are the most vulnerable. That’s because they have fewer resources with which to combat fraud and identity theft.
It gets even worse:
- The migration to Europay, Mastercard and Visa (EMV) credit cards in brick-and-mortar stores is pushing more criminal activity online, where these chip-enabled cards offer far less protection.
- Moreover, cybercrimes are becoming more sophisticated, making it even harder than it already is to detect, prevent and catch online thieves.
How to Overcome the Scariest Aspects of Payment Processing
Honestly, how do you protect your business when there’s an army of hackers around the globe working tirelessly to rob you and your customers?
It isn’t easy, and no single strategy can provide foolproof protection, but it is possible to make your business less inviting to would-be fraudsters.
Arguably the best starting point involves eliminating as many vulnerabilities as you can from your payment environment. By this, we mean:
- Investing in PCI-compliant data security. If your payment provider doesn’t follow the latest industry best practices and fraud prevention guidelines, your business will always represent low-hanging fruit for criminals.
- Protecting data mid-transit using tokenization and point-to-point encryption (P2PE). This is especially important if you regularly send payment information over unsecured wireless and cellular networks.
- Using hosted payment pages to process online transactions. With this option, you don’t capture or store your users’ credit card data. Instead, the entire transaction happens “off site” on a shopping cart that looks and feels like the rest of your site.
- Installing the latest updates, patches and virus protection software. Thieves are clever, but they’re also quite lazy. This is why they tend to exploit unpatched vulnerabilities in older platforms.
- Requiring users to create unique passwords. Stronger passwords include characters, numbers and upper/lowercase letters.
- Asking for additional verification steps before authorizing any card-not-present transactions. Credit card numbers and expiration dates represent the bare minimum, but you should also request billing addresses and CVV codes.
- Using fraud management filters that can automatically detect, flag and prevent suspicious activity. For example, if you’re accustomed to making an average of 10 online sales an hour, a “velocity filter” will raise alarms whenever you start generating hundreds of sales per hour.
For even better protection, it’s worth educating your customers about basic cybersecurity. For example, you should encourage them to change their passwords often. This is easier said than done if they’re already using long, unique and alphanumeric credentials, but password management tools such as LastPass can help eliminate some of this confusion.
Finding Comfort and Solace in a Terrifying Age
The landscape isn’t pretty. In fact, it can be downright horrifying — and it’s not just during Halloween. There are legitimate dangers lurking in the shadows practically all year.
What’s truly terrifying is that there’s no way to protect yourself 100 percent.
Even with the best defenses in the world, criminals will eventually find a way to gain entry. This is why you must constantly erect new barriers and safeguards to stay ahead of the game. Your defenses must evolve over time.