Crime and fraud in the e-commerce, retail and payment industries have been around for a very long time. So, while technology isn’t exactly to blame for the recent influx of cybercrime, it opens up new avenues for attacks and stealing personal data.
Nowadays, retailers, banks and consumers are at risk of data theft at every turn. Some cybercriminals are targeting individuals as they enter their payment card information into websites, cloud services and mobile applications, while other hackers turn their attention and skills toward banks and retailers that possess the payment data of millions of customers.
Who the target of a cybercrime is might even be the least of corporations’ worries. In an interview with PYMNTS, Ken Jochims, director of product marketing at ThreatMetrix, explained that it’s the wide range of attack vectors that is making the prevention of fraud quite difficult. From malware to phishing attempts to man-in-the-middle attacks, cybercriminals are setting themselves up to invade corporate networks wherever there is an endpoint. Recent cybercrimes only support these statements.
“The wide range of attack vectors is making fraud prevention difficult.”
For example, ComputerWeekly recently reported that the Mandarin Oriental hotel group experienced the theft of credit card data after the integrity of its legacy point-of-sale (POS) system was compromised. The international collection of hotels confirmed that payment card data was taken from an “isolated number” of payment card systems at hotels around the world, including Europe and the United States.
While there are no specifics yet, the source indicated that the POS systems at around 45 hotels owned by the group had been infected with a form of malware that steals data. According to ComputerWeekly, security blogger Brian Krebs stated that the compromise most likely dates back to the time period surrounding Christmas 2014, and he also posited that payment card data was probably stolen from POS systems in restaurants and stores within the Mandarin Oriental’s hotels.
The good news is that the malware was removed, yet the damage has already been done. So, the company advised its customers to monitor their payment card statements for strange activity. However, this intrusion points to one of many threats, specifically that malware can easily infect unprotected POS systems.
While the Mandarin Oriental data breach represents the risks involved when conducting business in the high-tech modern economy, other cases of fraud indicate that complex POS systems and malware aren’t the only ways that companies can become the victim of an intrusion.
The Wall Street Journal reported that Apple Pay has been hit by a series of fraudulent transactions. Cybercriminals used payment card data stolen in the recent Home Depot and Target data breaches to buy “big-ticket” items, and the bad news is that these cases of fraud weren’t overly sophisticated.
According to eWEEK, the exploited weakness is in the nature of how Apple Pay works. Cybercriminals loaded stolen credentials into an iPhone 6 or 6 Plus, and that data is transmitted to Apple. Once Apple receives this request, it checks to see if the information is already on file in its systems. In this case, the fraudsters enabled smartphones with compromised data, and they were able to make purchases as though they were the real owner of the payment card.
Part of the blame should fall on banks. Once the payment cards were declared to be compromised, the banks should have wiped their systems. Unfortunately, eWEEK reported that the Apple Pay verification process varies by bank, meaning that some consumers and retailers were affected by the cases of fraud.
How can the industry put a stop to this?
In regard to Apple Pay, Engadget reported that banks are improving their authorization processes with one-time codes and security questions, but that isn’t going to stop cybercriminals and fraudsters from trying to steal payment card data.
PYMNTS reported that BioCatch, a biometrics technologies company, launched a fraud detection solution that the business promised will identify fraudulent behavior in real time using “behavioral biometrics.” The innovative cybersecurity measures have the ability to distinguish between actual users and hackers, but of course, time will tell on this technology’s usefulness.
However, Jochims told PYMNTS that it’s dangerous to think there is one solution that will prevent all data breaches and fraudulent transactions. Instead, cybersecurity is about creating a layered defense, Jochims posited. This means that businesses need to lock down their systems from end to end.
The first step is implementing payment processing solutions that guarantee cybersecurity, but these platforms must be able to seamlessly integrate with POS systems and existing hardware or there will be gaps between security layers. Essentially, every hole needs to be covered, meaning that encryption is necessary internally, while other practices should be implemented on the consumer side of the transaction.
Just because cybercrime exists does not mean companies should abandon cutting-edge technologies such as Apple Pay and POS systems. Businesses simply need to take cybersecurity to the next level.