Keep yourself fraud free

By Sean Bacher, ITWeb contributor.
Johannesburg, 27 Nov 2014

Setting up an online marketplace is not as easy as simply registering a domain, building the site and having it hosted on your service provider's servers.

Besides running the risk of the site being hacked, online merchants have to be especially careful when dealing with customers and how they handle their personal details like credit card numbers, delivery addresses and contact details.

A recent survey by Columinate has revealed that the proportion of people who bank and shop online in South Africa and have been targeted has risen to 62%, up from 54% in 2013 and 39% in 2012. This is a clear indication that more people are performing many of their financial transactions online, but are not properly secured. The survey went on to show that hackers obtain users' details in a variety of ways, including the following:

Keylogging: Where a user's computer is not properly protected and the hacker is able to install a worm or Trojan that sends sensitive information like passwords and credit card details to the hacker.

Phishing: This is where the hacker sends an e-mail or SMS that masquerades as coming from the bank and asks for the client's details. (No bank in South Africa will ever do this.)

In addition to the above, online shoppers need to be especially aware of the following:

Goods that are too good to be true: Should a shopper see an item that is just too cheap compared to its cost on other sites, the chances are that the product does not exist and the shopper will not receive the item and may end up with a variety of additional transactions on his or her credit card.

SIM swap fraud: Because many banks use cellphones to authenticate online purchases through SMSes or one-time PINs (OTPs), fraudsters have taken to cloning SIM cards when a user upgrades or performs a SIM swap. Should the hacker have a user's credit card details as well as a duplicate of their SIM card, they can easily make and authenticate an online purchase before the cardholder even realises it.

There are a variety of other tricks employed by hackers to get online shoppers to part with their money, which is why legitimate online merchants need to do everything in their power to protect both themselves and their clients.

Getting to grips with online fraud

Smaller merchants often don't have the resources or the money to put the various services in place to prevent their customers' details from falling into the wrong hands, which is why it is imperative that they sign up for a service like Sage Pay.

Why Sage Pay?

Firstly, any company that accepts payment via credit cards needs to comply with the Payment Card Industry Data Security Standard (PCI DSS). This is a framework that stipulates requirements for protecting sensitive data behind firewalls, using strong passwords, encrypting data between the cardholder and the payment gateway, running anti-virus software, and setting permissions for who is allowed to see what data.

PCI compliance is not yet compulsory, but it will soon be, and Sage Pay has aligned its business processes with the requirements, meaning that any merchant that opts for Sage Pay to collect money on its behalf is automatically PCI compliant.

Sage Pay has implemented a number of technologies to facilitate this, like redirecting an online shopper directly to the payment provider's site to complete the payment. Thus credit card details are never seen by the merchant, giving the shopper peace of mind that his or her details are kept secure.

In addition to being PCI compliant, Sage Pay offers merchants and shoppers the following fraud prevention techniques:

* Account verification system: The numeric values and the billing address are automatically checked against the card before a customer can register it for making purchases.

* Card security code: At the back of most major cards is a three- to four-digit card verification value (CVV) number. This number acts as an additional security measure that needs to be supplied by the cardholder before completing a purchase.

* 3D Secure: Also known as Verified by Visa or MasterCard SecureCode. Many banks now employ users' cellphones to authenticate and complete the purchase. 3D Secure can be thought of as an online version of the PIN a card user would use when making a purchase at a shop. The bank sends a one-time PIN (OTP) to the cardholder's cellphone number, which must be entered to finalise any purchase.

Fighting online fraud is an uphill battle. As financial institutions find ways of mitigating fraud risks, hackers find ways around them. In the end, it is up to the merchant to ensure it has the best and most secure services like Sage Pay in place.

Online shoppers, for their part, must ensure their anti-virus software is up to date, whether it is on a computer, tablet or smartphone.

Finally, it is up to both the merchant and the shopper to be vigilant when performing online transactions.