Fraud and theft are not new problems in the card-not-present (CNP) and e-commerce marketplace. For years, criminals have been crafting schemes to steal data and cracking the codes that are meant to protect it. According to the latest reports, merchants that sell goods online each spend an average of $10.1 million per year on fraud-related costs. And, with the crackdown on in-person fraud through the implementation of EMV chip technology, we can only expect to see card-not-present fraud numbers rise.
The United States is the last major country to make the transition to EMV, so we can look to other countries’ experiences for a glimpse of what we can expect to occur. The general trend illustrates that as counterfeit and lost/stolen fraud decreases due to EMV, criminals find alternate routes to commit theft—primarily in CNP environments. While the UK was able to tame the problem by developing more advanced fraud analytics and using 3-D Secure technology, England is still working to combat the increase in CNP fraud since the implementation of EMV in 2006.
So what can e-commerce and other CNP merchants in the U.S. do to protect themselves from the impending fraud spike? Being proactive is key. Here are some of the top imperatives for maximizing data security:
- Implement Effective Password Policies – The more secure a password is, the harder it is to hack. By creating and enforcing password policies, you can help to maximize data security. One common “rule” is to require a minimum password length and complexity. For example, you may consider requiring passwords to be at least six characters and contain a mix of lower and uppercase letters, numbers and symbols. Another best practice is to regularly enforce password updates—we recommend every six months.
- Utilize Two-Step Authentication When Possible – The downside to data security is that it doesn’t always translate to user-friendliness. When a merchant requires customers to jump through hoops to make a purchase, it may deter them from completing the transaction. Instead, consider utilizing two-step, or two-factor, authentication. It’s a process that requires a user to verify their identity through the combination of two components—for example, a phone number, PIN, password, or security code associated with a credit card number.
- Avoid Using USB Devices on PCs With Virtual Terminals – Did you know that anytime you attach a USB device to your computer, there’s a potential for being hacked? There’s no need to go throw away all your thumb drives, though. Simply be very cautious when connecting USB devices to PCs with virtual terminals where financial transactions are taking place, as they can be especially vulnerable to attack. And, never insert a USB device that you’ve found lying on the ground into your computer—it could have been planted by a hacker trying to gain access to your data.
Are you a CNP merchant who needs help navigating through this post-EMV environment? Abtek is here to help. Contact us today to learn more about how to maximize your data security and minimize friendly fraud and other theft.