by James Walker
It was Get Safe Online Week last week, and judging by new research released to support the government-backed security awareness-raising campaign, there’s still a long way to go. The research has also highlighted once again the vital role that businesses need to play in the fraud prevention chain.
Let’s see how.
Tip of the Iceberg
First up, Get Safe Online asked the National Fraud Intelligence Bureau (NFIB) to estimate the amount of money lost to cyber fraud in the year ending 31 August. It reported that a whopping £670 million had been netted by cyber criminals from the top 10 “internet-enabled frauds”. Much of that will come at the expense of businesses if it relates to chargebacks that have been issued as a result of card fraud.
What’s more, that figure will be vastly lower than the actual amount, as online fraud often goes unreported. Although 51% of the 2,000 Brits surveyed by Get Safe Online in a separate study said they had suffered an online crime – including fraud, ID theft or malware attack – only 32% said they reported it.
There were some positives to come out of the study, however. Many said that their experiences at the hands of cyber criminals had actually shocked them into action. As a result, 45% said they had chosen stronger passwords while 42% said they were now extra vigilant when shopping online.
The other side
Of course, it’s great that awareness of online fraud and cyber crime is gradually increasing amongst the public. After all, some say that big brand data breaches are failing to have the impact they once had – although major incidents like the iCloud celebrity hack can still shake consumers out of their inertia.
But that’s only half the story. Customer-facing corporates also bear a burden of responsibility, not only to protect the crown jewels of cardholder data but to ensure that online safety and security is at the heart of everything they do.
With that in mind, the following are essential steps:
- Install secure, industry-standard payment mechanisms like 3D Secure and advertise them clearly on your site.
- Choose Extended Validation SSL Certificates. These will turn your customer’s browser bar green to show them that your site is to be trusted.
- Notify customers immediately if there is a phishing campaign or other widespread online fraud attempt on your brand.
- Consider an online “safety centre” page for customers on the site, with tips on staying safe, links to AV vendors, etc.
- Choose a trusted third-party payment provider with built-in anti-fraud protection to minimise the chance of chargebacks.
- Adhere rigorously to PCI DSS, which stipulates that systems are secured and kept up to date, alongside a raft of other requirements. It should also reduce the financial burden if a breach occurs.