Holiday safety tips for customer data safety
By Evan Morris, Network Security Manager at Mwrinfosecurity.com
Online shopping and mobile payments are quite popular today. In fact, around the holidays this is how most people prefer to shop.
However, there’s always a concern about fraud looming in the back of people’s minds.
This is why customer data protection must be at the forefront of your mind. Unfortunately, the statistics in the news really don’t help reduce that fear either.
Instead, these statistics cause people to grow even more concerned.
Why it’s important to keep your customers’ data safe
According to Blue Pay, fraud attempts grew 31% during the 2016 holiday season compared with 2015. Most of these attempts occurred on Christmas Eve, as well as on the shipping cutoff days. This makes sense because these are also the days when most people do their shopping. However, it’s also eye-opening considering that this means fraud occurred in one out of every 97 transactions.
Loss Prevention Media believes that fraud increased even more throughout the 2017 shopping season. In fact, they believe that it’ll increase by 5%. It’s typically the smaller businesses that thieves go after too. These are labeled “crimes of opportunity.” Fortunately, there are strategies companies can carry out to help them slow or stop fraud throughout the holiday season.
7 ways of guaranteeing your customers’ data remains safe
Threat detection strategies are something your business can’t afford to overlook today. With this in mind, here are 7 strategies that will help you prevent retail fraud throughout the holiday season:
- Spend more time training your employees about proactive security measures. When they know how people commit fraud they’ll be more apt to find any risks or vulnerabilities you may have overlooked, including knowing when your POS was possibly tampered with. Knowledge of the red flags that are indicative of online transaction fraud can be delivered through augmented reality (AR) training. This allows your employees to practice what you’ve taught them by encountering suspicious situations “for real.” In doing so, they’re not only better equipped to handle these situations, but they can also share other ways of handling it that you might not have even thought of before.
- Besides making sure that everyone in your business knows what indications to look for regarding stolen customer data, you also want to teach them how to stop a fraudster in their tracks. The best ways of doing this are by using an address verification service (AVS), asking for security codes, and verifying things like the device, IP geolocation, and IP address.
- Make sure your business is PCI compliant, which is mandatory anyway if you accept credit card payments. By displaying your PCI compliance logo on your website you’ll discourage some fraudsters. This is similar to how you should display your home security company’s sign in front of your home. This is something you’ll want to add to your checklist before launching a website. You should also look into the rules for when you have more than one website.
- Make use of an open source intrusion detection system to add more security layers. This will prevent customer data from being hacked by various emerging threats. The reality is adding more security layers today is really all you can do to ward off any threats. These extra layers of biometrics, passwords, patches, and updates frustrate thieves because they can’t quickly get the information they want and then leave. Since thieves are lazy, they’ll typically give up and go somewhere else because with every layer of security you add you’re adding another wall between your business and a criminal.
- Work with other retailers to gang up on the fraudster by sharing their information with one another. In the past, this was as simple as sharing the names of people who were known for writing bad checks. This was a great way for businesses to know beforehand that they shouldn’t accept a check from these people. Businesses can use a similar strategy today by sharing information about the threat. You can get this information through open source threat intelligence communities. These groups are so powerful that they’ll make your business more efficient, especially since you can now quickly share this information online and with an even larger number of businesses than in the past. The premise here is true: When one business is hurt by fraud, every business is hurt.
- PCI compliant companies already realize what information they can and cannot save, regardless of the circumstances. Essentially, your business can only save customer information that’s necessary for tracking shipments and handling returns. This means that you should never store credit card numbers. Storing them only places you at risk of your customers’ information being mishandled, especially by one of your company’s employees. Remove this temptation from them as soon as a transaction is complete.
- Watch for Structured Query Language (SQL) attacks. SQL is the programming language that applications use to communicate with your company’s database, and it’s what’s typically used in managing a company’s database system. Unfortunately, these attacks are growing much more common today. They create a very dangerous threat to your customers’ information because hackers feed their own SQL code to your system’s applications so that they do what the fraudster wants. This includes providing the fraudster with access to your customers’ data. The best way of combating these attacks is by using an API that identifies SQL vulnerabilities and then helps you prevent such a breach. It’s important that you continually update this software and have security checks on a regular basis, especially before and after the holidays.
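One way to enforce the "never store credit card numbers" item above, as an added example that is not part of the original article: card fields are dropped from an order before it is saved, and Luhn-valid card numbers that slipped into free-text fields are masked. The field names and the sample record are hypothetical.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Hypothetical field names that must never reach long-term storage.
CARD_FIELDS = {"card_number", "cvv", "expiry"}


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pans(text: str) -> str:
    """Replace Luhn-valid card numbers embedded in free text with a masked form."""
    def _mask(match: re.Match) -> str:
        digits = re.sub(r"\D", "", match.group())
        if not luhn_valid(digits):
            return match.group()  # e.g. a tracking or order number: leave it alone
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_CANDIDATE.sub(_mask, text)


def scrub_order(order: dict) -> dict:
    """Return a copy of the order that is safe to keep for shipping and returns."""
    kept = {k: v for k, v in order.items() if k not in CARD_FIELDS}
    return {k: mask_pans(v) if isinstance(v, str) else v for k, v in kept.items()}


# Constructed sample record; 4111 1111 1111 1111 is a widely published test number.
sample_order = {
    "order_id": "A-1001",
    "ship_to": "12 Example Street",
    "tracking": "1234567890123456",
    "card_number": "4111111111111111",
    "cvv": "123",
    "notes": "Customer phoned, card 4111 1111 1111 1111 declined once",
}
stored = scrub_order(sample_order)
```

The Luhn check is what keeps 16-digit tracking numbers from being masked by mistake.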
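For the SQL item above, an added example (not from the original article) showing the weak query pattern beside the corrected one, using Python's built-in sqlite3 module. The table, column names and customer rows are constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (email TEXT, ship_to TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice@example.com", "12 Example Street"),
         ("bob@example.com", "34 Sample Road")],
    )
    return conn


def lookup_vulnerable(conn, email):
    """Weak form: the input is pasted into the SQL text and is parsed as SQL."""
    query = "SELECT email, ship_to FROM customers WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, email):
    """Corrected form: the input is bound as a value and never parsed as SQL."""
    query = "SELECT email, ship_to FROM customers WHERE email = ?"
    return conn.execute(query, (email,)).fetchall()


# Constructed input: a quote character followed by a condition that is always true.
crafted = "nobody@example.com' OR '1'='1"
conn = make_db()
leaked = lookup_vulnerable(conn, crafted)      # every customer row comes back
safe = lookup_parameterized(conn, crafted)     # treated as an odd e-mail: no rows
```

Both functions return the same row for a legitimate address; only the handling of crafted input differs.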
Be ready when the holiday arrives
Fraudsters return with a vengeance every holiday season. Regardless of the location of your business’ sensitive data, it’s time to tighten your security. When you arm yourself with as much security as possible, you’re taking a proactive approach to protect your customers. You can honestly shut fraudsters down in their tracks so you have more time to focus on enjoying the holidays instead of focusing on cleaning up their mess.
About the Author
Known for his boundless energy and enthusiasm, Evan works with MWR Infosecurity (Mwrinfosecurity.com) as a Network Security Manager and is an avid blog writer, particularly around technology, cybersecurity and forthcoming threats which can compromise sensitive data. He has vast experience of ethical hacking. Evan can be reached online at firstname.lastname@example.org, @MorrisEvan4.