Cybersecurity breaches – Think it won’t happen to you? Think again
If you ask most small business owners what is uppermost in their minds, it would be unlikely that ‘cybersecurity’ would make the top five. And if it did appear then chances are it was because the business had recently been stung by a security breach.
Whilst everybody probably knows that cybersecurity shouldn’t be an afterthought, too many are taking dangerous comfort in the idea that “it won’t happen to me”. Unfortunately for Australian SMEs, global hackers and cyber thieves know this. Employees of small organisations are more likely to be hit by email threats such as phishing and malware, and Australia is the fourth highest country for the rate of malicious emails and in the top ten countries for mobile malware.
Securing your customers’ data
Becoming a safe retailer starts with thinking about how – or if – you are securing your customers’ data, and in particular their payment data. This is quite a simple exercise. If you use a recognised and PCI DSS-compliant payment gateway for your e-commerce transactions, then you have taken the necessary first steps. In addition, it’s worth adopting credential-on-file (COF) tokenisation, which strengthens e-commerce security because card details such as account numbers and expiry dates are not stored each time a consumer makes a purchase, thereby removing sensitive information from your systems and decreasing the risk of a data breach. If you are storing customers’ credit card details in an Excel spreadsheet then you are putting their data at risk, and with it your reputation. Imagine having to contact every single one of your customers and inform them that they have to immediately cancel their credit card, or that their personal information is now in the hands of cyber criminals, because you hadn’t kept their details secure.
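To make the tokenisation point concrete, here is an added illustration (not code from the original article or from any payment provider) of what the retailer’s records look like once card details live only in the gateway’s vault. The `TokenVault` class is a constructed stand-in for the tokenisation service a PCI DSS-compliant gateway would operate, and the card number used is a constructed test value, not a real account. The final check simulates what an attacker would get from a copy of the merchant’s customer table.

```python
import secrets


class TokenVault:
    """Constructed stand-in for the tokenisation service a PCI DSS-compliant
    gateway runs. The merchant's own systems never hold this object's contents."""

    def __init__(self):
        self._cards = {}  # token -> full card details, kept only inside the vault

    def tokenise(self, pan: str, expiry: str) -> str:
        # A random token carries no information about the card number, so it
        # cannot be reversed by anyone who copies it from the merchant's database.
        token = "tok_" + secrets.token_urlsafe(16)
        self._cards[token] = {"pan": pan, "expiry": expiry}
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        card = self._cards.get(token)
        if card is None:
            raise ValueError("unknown token")
        # The vault resolves the token internally; only display-safe data goes back.
        return {"ok": True, "amount_cents": amount_cents, "last4": card["pan"][-4:]}


class MerchantCustomerStore:
    """What the retailer keeps on file: a token plus the last four digits."""

    def __init__(self, vault: TokenVault):
        self._vault = vault
        self.records = {}  # customer_id -> {"token": ..., "last4": ...}

    def save_card(self, customer_id: str, pan: str, expiry: str) -> str:
        token = self._vault.tokenise(pan, expiry)
        # The card number and expiry go to the vault and are never written here.
        self.records[customer_id] = {"token": token, "last4": pan[-4:]}
        return token

    def repeat_purchase(self, customer_id: str, amount_cents: int) -> dict:
        return self._vault.charge(self.records[customer_id]["token"], amount_cents)


def merchant_store_contains_pan(store: MerchantCustomerStore, pan: str) -> bool:
    """Simulate a breach of the merchant's customer table: would a dump of it
    reveal the full card number?"""
    return pan in repr(store.records)


if __name__ == "__main__":
    vault = TokenVault()
    store = MerchantCustomerStore(vault)
    test_pan = "4111111111111111"  # constructed test card number, not a real account
    store.save_card("customer-42", test_pan, "12/27")
    print("merchant holds:", store.records["customer-42"])
    print("full card number exposed by merchant breach:",
          merchant_store_contains_pan(store, test_pan))
    print("repeat purchase:", store.repeat_purchase("customer-42", 2500))
```

Note that a token copied from the merchant is also useless against any vault other than the one that issued it, which is why a breach of the retailer’s systems no longer equals a breach of cardholder data.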
The next thing to tackle is fraud and ensuring that every online transaction is genuine. This is where two-factor authentication comes into play. During the payment process, the transaction is authenticated by sending a code via email or text message to the customer, who must then input that code in order to verify their identity. While it does mean the customer has to undertake an additional step in the payments process, online retailers that insist on two-factor authentication – sometimes referred to as 3D secure by banks – are protected if fraud occurs. So far, only a small number of Australian retailers are enabling 3D secure, despite the obvious benefit of fraud protection.
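The verification step described above has a few properties that matter in practice: the code must be unpredictable, it must expire, it must work only once, and a small number of wrong guesses must end the attempt. The following added example (not code from the article or from any bank or gateway) shows a hypothetical `OneTimeCodeVerifier` that enforces all four; the five-minute lifetime and three-attempt limit are assumed values, and the clock is injectable so expiry can be exercised offline.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime: a code is valid for five minutes
MAX_ATTEMPTS = 3        # assumed limit: after this the transaction must be restarted


class OneTimeCodeVerifier:
    """Hypothetical verifier for the code sent to the customer during checkout."""

    def __init__(self, now=time.time):
        self._now = now      # injectable clock so expiry can be tested
        self._pending = {}   # transaction_id -> {"code", "expires_at", "attempts"}

    def issue(self, transaction_id: str) -> str:
        # secrets, not random: the code must be unpredictable to an attacker
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[transaction_id] = {
            "code": code,
            "expires_at": self._now() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        # A real system would send the code by text message or email here;
        # it is returned only so the example can be exercised offline.
        return code

    def verify(self, transaction_id: str, submitted: str) -> bool:
        entry = self._pending.get(transaction_id)
        if entry is None:
            return False  # no code issued, already used, or locked out
        if self._now() > entry["expires_at"]:
            del self._pending[transaction_id]  # stale code: force a fresh one
            return False
        entry["attempts"] += 1
        # Constant-time comparison so timing does not leak how many digits matched.
        ok = hmac.compare_digest(entry["code"].encode(), submitted.encode())
        if ok or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[transaction_id]  # single use; lock out after guessing
        return ok


if __name__ == "__main__":
    verifier = OneTimeCodeVerifier()
    code = verifier.issue("order-1001")
    print("wrong code accepted:", verifier.verify("order-1001", "000000" if code != "000000" else "111111"))
    print("right code accepted:", verifier.verify("order-1001", code))
    print("replay accepted:", verifier.verify("order-1001", code))
```

The attempt limit is the part most often missed: a six-digit code with unlimited guesses is not a second factor, it is a 1-in-a-million lottery that an automated script can play quickly.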
Stopping stolen credit card purchases
Finally, the move to offering ‘click and collect’ services, where a customer orders online and then picks up in-store, has highlighted a new issue for retailers to be aware of: thieves using stolen credit cards to buy items online and then, soon afterwards, entering the store to pick up the purchase. Sales representatives believe it is a legitimate purchase and hand over the goods without asking for identification. They assume a level of trust has been established because the payment transaction took place online – but in-store validation is critical. Imagine getting home at the end of the day, delighted to have experienced one of the best sales days of the year, only to discover that it was mostly fraudulent activity.
While these are among the most common cyber crimes affecting retailers today, they are sadly not the only ones you can fall prey to.
Top tips for becoming cyber secure
- Ensure you use a recognised payment provider for all your e-commerce transactions. For example, you can find out the status of Visa providers that are PCI DSS compliant here.
- Always ask customers for identification before releasing ‘click and collect’ purchases.
- Treat your customers’ payment data as if it were your own – don’t store it in a spreadsheet or Word file.
- If you have a website, talk to your web developer or provider about ensuring the ‘shopping cart’ page is continually and proactively updated with the most recent security patches.
- Get to know and understand payment security terms so you can have informed conversations about security with your bank. Start with the terms mentioned in this article:
  - Phishing – fraudulent use of email to obtain confidential information such as a person’s credit card details.
  - Malware – malicious software that can harm a computer; includes computer viruses, worms, Trojan horses and spyware.
  - PCI DSS compliant – short for ‘Payment Card Industry Data Security Standard compliant’; this means the provider has met the security standards approved by the major credit card companies.
  - Tokenisation – the process whereby payment information is replaced with unique ‘tokens’ that are useless if stolen.
  - Two-factor authentication/3D secure – a tool that enables consumers to directly verify their identity online, usually via text message or email.
- Visit Stay Smart Online for more tips on how to stay safe.
These tips are recommendations to improve cybersecurity in your business and are general in nature; please be sure to carry out your own due diligence process to ensure you are meeting the needs and requirements of your business.