A primer for online and mobile business owners on the current state of payment fraud
It’s time to get serious about payment fraud and data protection. 007 serious.
Look, digital advancements have changed our world for the better, but they’ve also created more problems – like cyber-crime. Hacking and electronic fraud are now so widespread that large corporations are staffing multi-member electronic-security departments, whose sole job it is to secure and monitor digital data – especially payment details; governments and multinational corporations are actively recruiting hackers to tackle the problem.
So the question becomes: what can you, as a small to medium-sized business owner, online entrepreneur or affiliate marketer, do to reduce payment fraud? Go grab a cup of coffee and start reading – I’ll walk you through it.
Defining The Current State of Payment Fraud
Let’s first examine the current state of the online and mobile payment fraud problem.
Payment fraud is defined as “any activity that uses info from any type of payment transaction for unlawful gain.” This year, the Vesta Corporation wanted to get to the bottom of the pervasive and destructive realities of payment fraud, so, they commissioned and published a white paper on the topic.
Sixteen wireless operators, in the United States and Europe, volunteered to participate in the survey; needless to say, the results were a wake-up-call.
Cited in the paper was a Federal Reserve Bank of Boston’s 2009 statistic, which estimated that checks and cash account for only 37% of payment transactions. The report revealed that 25% of businesses are not in compliance with various digital-payment-industry data-security standards.
When we consider these two findings, in conjunction with the rapid increase of electronic fraud, it becomes apparent that business operators should be spending quality time analyzing and shoring-up their companies’ information data flow – especially when it comes to online and mobile payment transactions.
The Vesta study also explored how the elusive nature of payment fraud makes it difficult to control. After all, hacking tactics are constantly changing alongside technology. And nefarious schemers are skilled gypsies — moving their operations from region-to-region, depending on national laws and area technology standards. For example, Canada and many European countries have largely shifted to chip and pin technology for credit and debit cards, so it’s safe to assume that people looking to infiltrate payment “supply chains” will likely target countries – including the United States – that still heavily rely on more vulnerable magnetic strip technology. In other words, that rich Nigerian prince may be making an appearance at the next block party.
Taking Stock: Evaluating Payment Model Structures
As e-commerce continues to spread like suburban track-housing in the 1950s, you gotta find time to re-evaluate your payment structures.
Our society is efficiency-obsessed; as a result, we’ve developed ingenious ways to streamline online and mobile payment processes. Unfortunately, increased user efficiency has led to a rise in payment fraud and hacking. Why? Due to the nature of databases and reliance on third-party providers, there are now more “access points” for those looking to fraudulently steal information.
Moreover, when analyzing payment-fraud loss, companies mustn’t just examine the actual purloined dollar amount, but rather should also calculate the amount of money and resources required for compliance, reputation management, enforcement and litigation, which results from the security breach.
How The “Big Guys” Are Battling Payment Fraud
In an attempt to stymie payment fraud, Vesta-survey participants acknowledged that an enterprise-wide solution is far superior to piece-mail patches. The analysis also concluded that payment transaction models must move away from “siloed” business structures and businesses should start to explore how different aspects of their operation tie together. For example, the IT department must fully grasp how the Public Relations division operates in order to stem any electronic exposure entry-holes. That’s just one example.
Vesta participants also indicated that companies with “payment czars” reportedly have more success is stemming payment fraud, since there is a body dedicated to analyzing and implementing “big-picture solutions.”
Action Items: What Small and Medium-Sized Business Owners, Affiliate Marketers and Online Entreprenuers Must Do To Combat Online Payment Fraud
Ok, ok. I hear ya. All this survey data and forewarning is well and good, but you’re here to find out what you, as an online business entrepreneur, must do to shore-up your Internet and mobile payment process. So, let’s get to that.
Today, when establishing and evaluating a payment model, business owners must consider:
- The fraud risk involved with new payment type
- Liability in the event of fraud
- Fraud loss allocation
- Consumer protection safeguards
- Notification in case of fraud
- Business standards surrounding the payment supply chain
Before anything else, get intimate with your data. Make it your significant-other. Find out where and how it’s stored; determine who has access; wrap your head around how much of it there is. Is your data strewn across several databases? If so, find out why. Your goal is to consolidate information into as few databases as possible. Remember, every time a byte travels between boxes, another opportunity for hackers to access your data opens up.
After you’ve gotten up close and personal with your data, it’s time to start educating employees. Everyone from the mail room to the board room should understand the importance of keeping passwords private. Like, Jacob-what-is-this-damn-island private. Your IT department should be vigilant in their efforts to encrypt and monitor all digital info; their motto must be “no default passwords.”
Once you’ve handled the above, it’s time to start researching advanced pattern-based data loss prevention technologies, which let you set boundaries around your data, thereby further mitigating the possibility of foreign entities sneaking into your system.
And finally, when you’ve decided on a payment platform, and before implementation, contact an Internet lawyer to make sure the solution you’ve chosen complies with both federal and state laws, in addition to industry association standards. Remember, penalties can be legally levied against you by various industry standards groups – so its best to have someone up-to-date on cyber law look over your solution prior to implementation.
Let’s be honest, I wouldn’t be writing this if I didn’t have the legal online payment compliance knowledge you need. Contact the Kelly Law Firm for a legal audit of your website payment process – it’s not a luxury, it’s a necessity if you don’t want to be shut down by either the government or a hacker. Contact us today to get started.