With the holiday season now a hair breath away, it also indicates a time when general users are keen to treat themselves to a special purchase, and retailers hope for a holiday windfall.
However, according to RSA South Africa, they are not the only ones with plans to cash in – so too are cybercriminals. This, noted the company, is due to the fact that digital retail channels have grown tremendously, with more than 45% or retail transaction volumes already originating from mobile devices. This is particularly attractive to fraudsters, and explains why 60% of new fraudulent activities happen via mobile transactions.
Credit, cheque and debit cards are targeted as well, not the least because they are often used in online transactions. It can be tricky for retailers to detect and pursue such crimes, explains Hein Kern, Territory Manager for RSA Southern Africa: “Seventy percent of retailers take several days to investigate fraudulent activities on their websites, if not longer. This means criminals can do considerable damage to earnings before a retailer has caught on and losses are waiting down the line to dampen their holiday sales boost.”
Several trends assert themselves over the holiday period, ones that retailers should be aware of to keep an eye out for fraudsters. Kern explains why there is an increase in card crime.
He elaborated that underground marketplaces for cloned and stolen cards ramp up activities, since they know the window to sell and exploit stolen card information closes fast. This results in a higher demand, so card-theft and cloning increases. As a result there is a higher number of cloned cards in circulation as fraudsters seek to exploit stolen card information.
Due to limited protection in the global EMV (Europay, MasterCard and Visa) card standard around ‘card not present’ transactions, outlets that don’t require a physical card, such as online and telephonic retail, become easy targets. Retailers whose card readers are not implementing EMV standards properly are also targets for criminals, who can inject false information in transactions and make them seem legit.
Consumers are targeted more frequently with phishing attacks, namely fake emails, messages and websites that aim to steal their personal data. Criminals then use this information to apply for legitimate banking cards using stolen credentials. Criminals attempt to install malware and other dangerous software on consumer devices by infiltrating retail sites and using them to infect visitors.
If these threats seem unlikely, consider how much of your retail transactions are done using banking cards. While traditional fears around criminality surround cash, it is easier to detect questionable activities or losses. Card systems are more opaque and the results of a theft may not be apparent if not monitored.
Fortunately RSA Security reassured that retailers can be proactive and prevent a lot of the problems by following a few steps:
- Ensure that card readers are up to date and support the latest EMV standards properly.
- Request proof of identification when presented with a card for a transaction.
- Speak to your financial institution about insurance, responsibilities and remedial action if fraud does occur.
- Train staff to understand and anticipate card fraud activities.
- Partner with a security technology firm such as RSA and see which solutions can help detect and prevent fraud.
- Audit your website’s security standards and policies, and have detection in place to catch site infections and hijacking.
- Educate your customers on keeping their cards and personal data safe.
- Maintain an easy way for customers to contact you to verify correspondence from your company and alert you of any fraudulent activity.
“The bad news is that if you think you can just ignore this, you will be a victim,” says Kern. “Technology fraudsters are becoming better and faster, but the real weak link is us. When companies and consumers don’t pay attention to these threats, we create an opening for criminals. But if we are vigilant and smart, they will look for easier targets instead,” he concluded.