Out of Office Cyber Safety
Thanksgiving is just around the corner, which means that the ecommerce world is poised on the brink of its most important time of year: the holiday shopping season. The holidays are a time for family, friendship, and happy occasions, but they’re also a time when merchants work harder than ever to meet their sales goals, move product, and end the year with their balance sheet safely in the black. For an ecommerce merchant, the worst thing to wake up to in late December isn’t a stocking full of coal—it would be long list of chargeback notifications.
The holidays can also be a season for opportunistic fraud, as merchants prioritize processing a higher than normal volume of orders and transactions. Safeguards get overlooked, red flags get missed, and fraudsters take advantage of the fast pace and confusion of a shopping season that gets increasingly busy and hectic as Christmas approaches.
Our wish for this holiday season is for merchants and customers to have many satisfying transactions unmarred by fraud and chargebacks. Unfortunately, holiday wishes alone won’t make the fraudsters change their ways. On top of everything else merchants have to do to prepare for the holidays, it is imperative that they take extra precautions to secure themselves and protect their customers.
We’d like to share these five tips to protect your business from fraud during the holiday shopping season.
1. Shut Down Your Computers
If you left your home for a week to take a holiday vacation, would you leave your windows open? We doubt it—but many merchants don’t give a second thought to leaving computers turned on and connected when they’re away for extended periods of time.
When hackers are searching for a way in to a network, the first thing they look for is an open computer with an internet connection. You should never give cybercriminals easy access to documents and files that you need to keep secure. Open computers can be broken into via the internet, but it’s surprisingly common for fraudsters to snoop around in accessible computers in person, in stores or even back offices, when employees aren’t watching.
A nice little side benefit of shutting computers down at the end of the day is that it saves energy, which is better for the planet and better for your company’s power bill.
2. Change Your Passwords
You might think that nobody would ever, in a million years, guess the clever in-joke you use for your network password, but according to the United States Secret Service a ten-character password can be hacked in less than an hour and a half. If a password can be figured out with a little social engineering or educated guesswork, cut that time down even further.
Most security experts recommend changing the passwords on sensitive devices every few months. If this is something you’ve let slide, the holidays are a perfect occasion for announcing and enforcing organization-wide password changes. Ask your staff to change their passwords on all their work-related devices and applications, and to not use passwords that refer to their name, birthday, or family members—that kind of information is easily discoverable on social media and can make it very easy for an experienced hacker to crack the password.
A strong mandatory password policy might require sixteen-character passwords that include letters, numbers, and at least one special character. Sixteen characters can increase the required hacking time from an hour and a half to 1,753 years! Fraudsters are persistent, but they prefer the paths of least resistance. The harder you make things for them, the sooner they’ll leave you alone.
3. Utilize Two-Factor Authentication on All Key Applications
Ever looked at your bank statement after the holidays and thought “wow, I don’t even remember buying that?” In the rush to finish our gift shopping lists and take advantage of Black Friday deals, it’s not uncommon to accept that you might not remember all of your transactions after the fact—and that’s just what fraudsters are counting on.
Account takeover attacks surge during the holiday season, because fraud is harder to detect when so many legitimate customers are opening new accounts, reactivating old ones, and shopping at a wider range of stores than they normally do.
Most payment gateways and shopping cart applications include options for two-factor authentication. As part of your preparation for the holidays, enable two-factor authentication on your key applications, if not all of them.
4. Remind Staff Not to Use Office Computers on Cyber Monday
When holiday sales take effect, shoppers start looking for deals and discounts in places they wouldn’t usually shop. Fraudsters know this, and often attempt to spam them with fake ads and malware during this time of year, launching attacks from any inadequately-secured websites they can get their hands on.
Your employees likely have their own wish lists and holiday shopping to think about, but make sure they know not to surf the far reaches of the internet for deals on company computers. One click on an ad or website that hosts malware can compromise your entire network, giving fraudsters access to sensitive customer data or allowing them to divert your web traffic.
5. Secure Your Shopping Cart
For many ecommerce businesses, their shopping cart software is a major target and point of vulnerability for fraud and hackers. Because shopping carts handle payment credentials and private customer data while interfacing with internal merchant systems, a successful attack on them can be extremely lucrative for fraudsters. That’s why it’s so important to protect them as best you can.
All shopping cart software should be patched, updated, tested, and configured properly before the holiday shopping season kicks into high gear. You should also take some of these additional steps for increased protection:
- Velocity checking
- AVS/CVV matching
- Fraud prevention tools (e.g. Sift, 3-D Secure)
It can also be helpful to restrict coupons while running deals during Cyber Monday to prevent coupon glitch exploits.
Conclusion
All of us at Chargeback Gurus wish you and your staff a happy (and fraud-free) holiday season. We’re very grateful to all of our clients, partners, associates, competitors, and industry leaders for the motivation and encouragement you give us to do our job better.
Keeping merchants safe is our top priority, and we hope that these tips help our friends in ecommerce stay safe and protected in the days ahead.
Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to: win@chargebackgurus.com
