Online payment security is a collaborative effort, especially when it comes to electronic payments.
Each participant in the purchasing process – banks, buyers and businesses – should pull their weight in making payment information safe and secure. As the merchant, ignoring your role in security leaves your online store open to attack by hackers and thieves.
The state of security
The current conversation regarding payment information safety spans a wide range of industries – from financial institutions to security firms to payment processing companies.
According to Payment Week, TD Bank conducted a poll at the 2016 NACHA Payments conference in Phoenix, Arizona, asking attendees their views on the current state of cybersecurity. Of those surveyed, 88 percent said the banking sector faces a greater threat of payment fraud in the coming years. In addition, 90 percent of respondents said the current available solutions won’t work.
“Even as the threat of payments fraud increases, many firms are not ready to thwart what could be an influx of cases within the next 24 months,” Rick Burke, TD Bank’s head of corporate products and services, said at the conference, according to Payment Week.
The fact that bank industry leaders are disappointed in current payment security efforts is disheartening, especially in light of research from Verizon’s 2016 Data Break Investigations Report. The communications provider found that it took weeks for 79 percent of hacked retailers to notice they had suffered a break. Most of these attacks – 89 percent – were motivated by espionage or financial gain, indicating the attacking party attempted to steal payment information.
How online retailers can play their part
Just as multiple parties are concerned about payments, one industry can’t handle security alone. With that in mind, here are a few tips that online stores can use to keep their customers’ shopping information as safe as possible:
- Change your passwords: Verizon’s report noted that in 63 percent of online retail data breaches, hackers gained access because the businesses they targeted used default, stolen or weak passwords. Even if your business doesn’t store payment data, using simple or default passwords makes it easier for fraudsters to obtain sensitive information, such as customer email addresses. They can also gain access to employee records, especially if you use cloud services or lack firewall protection.
- Use a secure payment processor: Payment security is an extensive endeavor, and many businesses don’t have the resources to handle it completely. Outsourcing your online debit and credit card processing to a business that prioritizes security by adhering to standards set by the Payment Card Industry Security Standards Council, alleviates the burden of storing customer information.
- Inform customers of any breaches or attempts: According to Verizon, 12 percent of users who received phishing messages in 2015 opened them and clicked a malicious link. Phishing is a technique where a fraudster poses as a trusted source, such as a bank or online store. The person then attempts to trick users into supplying their login information. If you hear reports of a phishing attempt or if customers come to you about a suspicious link, let all of your patrons know immediately. Similarly, don’t attempt to hide a security breach. Not only will customers be angry with your business if word gets out, but not informing them puts shoppers at an increased risk. If your customers receive warning in time, they can change their login or payment information before a third party has a chance to use it.
Even if banks suffer on their end and consumers fail to use secure passwords, you can rest easy knowing you’ve done your part to keep payment information safe.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.