With startling regularity we hear about security breaches at big corporations. Credit card and other personal information stolen, often not being reported until days, weeks, months after the event actually occurred. It’s alarming to us as consumers but in many cases small business owners don’t see the implications for their business. Data thieves aren’t just targeting giant corporations; they are increasingly targeting smaller businesses.

Why target small businesses? Thieves certainly aren’t going to come away with millions of credit card number or millions of anything in most cases. The reason small businesses are becoming more of a target is simple, vulnerability. Big corporations typically have large, sophisticated security and IT organizations watching over and managing their infrastructure. The payday for penetrating a big target can be substantial for cybercriminals, but large organizations are typically much harder to crack.

Small businesses on the other hand can end up being an easy target partially because they don’t believe they are even being targeted. They are. The pot of gold at a small business may be much, much smaller but may be found without a lot of effort for small businesses who have not protected themselves.

Another surprising element in this story is that small businesses have the same compliance requirements as large businesses. The PCI/DSS compliance standards don’t discriminate based on company size. This means the implications for a compromised small business can be substantial even beyond the direct impact of resulting fraudulent activity. So what can a small business do to protect themselves?

Get the data out of the system – One of the most effective ways to protect yourself is to remove the pot of gold altogether. When your systems don’t contain sensitive data, there is less there for a criminal to find, and steal. Using a service like ProPay ProtectPay shifts the information out of your business systems into the secure, compliant ProPay environment. For many businesses this is the smartest, easiest and most reliable solution.

Do it yourself or partner? Most businesses serious about protecting themselves and their customers face a build it or partner for it decision. A robust level 2, level 3 PCI/DSS compliant infrastructure can be costly and complex to build. For businesses willing to make the investment to build, an equal or greater investment may be required to manage the infrastructure and assure it remains compliant as technologies, environment and policies evolve. Yes, you can do it yourself, but it’s a heavy, complex and long-term commitment.

The key message for small businesses is not assume the cyber bad guys are only focused on the behemoth companies. They are in fact frequently targeting small businesses who are unprotected and unaware of the risks. You’re not too small to be a target and the business risks if you are compromised can be substantial. ProPay has a number of solutions that can help designed specifically for smaller businesses. Give us a call today to learn more.

Visit www.propay.com, call 888.227.9856 or email sales@propay.com.

Chances are good the apps you provide your customers as well as the apps you use as a consumer are vulnerable. In the recent State of Application Security Report, Arxan, mobile security experts, surveyed over 1,000 consumers and app security professionals from four countries. One of the most significant insights from the report was the following:

“While the majority of app users and app executives indicate they believe their apps to be secure, nearly all the apps assessed, including popular banking and payment apps and FDA-approved health apps, proved to be vulnerable to at least two of the OWASP Mobile Top 10 Risks.”

Other highlights from the report include:

● Consumers and app executives believe their mobile health and finance apps are secure.
● The majority of mobile health and finance apps contain critical security vulnerabilities.
● The security and safety risks are real and significant.
● Most consumers would change providers if they knew their apps were not secure.

The full State of Application Security Report can be downloaded here.

If your business was lulled into complacency about the incidence of payment fraud, there’s a trend you should be aware of. Between 2009 and 2013 actual and attempted fraud rates slid to 60%, but in the past couple of years have since risen dramatically. Recent research from the Association of Financial Professionals indicates that 73% of companies experienced actual or attempted payment fraud in 2015. That’s up 11% from 2014 and 13% from 2013.

What’s behind these changes? What forces and dynamics are fueling this uptick in payment fraud?

Sophisticated fraudsters - The modern cybercriminal is intelligent, collaborative and connected. This new breed of criminal is often highly educated and works in loosely knit, but highly effective collaborative networks with other expert technologists, intermediaries and in some cases corrupt government agencies. The stereotype of the young, hoody wearing loner in toiling away in the dark basement is no longer relevant. Today’s criminals function more like white collar professionals than the stereotypical IT geek. The level of expertise, the fluid and multidimensional style of attack and the speed at which they work makes the modern cybercriminal a very worthy adversary.

More payment options = more openings – One of the wonderful things about emerging payment technologies is how they have made so many more payment options available. Consumers now have a multitude of choices for completing transactions on mobile devices within a browser, via an app, in a retail location or with a myriad of other options. This creates convenience for consumers, but also creates more opportunities for thieves to find a point of entry.

Offshore threats – A massive proportion of cyberattacks originate outside the United States. The nature of these attacks make them difficult to track, but even when tracked to their source, if that source is in another part of the world there may be very little legal action that can be taken. Every country treats these matters differently, enforcement can be impossible in some situations even when the individuals or groups committing the crimes is very clear.

Soft targets – In many cases we as users are our own worst enemies. Many attacks focus not on penetrating complex, highly-secure environments but instead exploit basic gaps consumers unknowingly leave wide open. Things like social media profiles with limited privacy protection or mobile phone settings that passively broadcast personal information to anyone with the limited knowledge to pick up the signals. Sending sensitive personal information through email, text or other unsecured channels also provides an easy target. Use different, and secure, passwords for different applications and when it comes to handling of any financial information use a trusted, secure, well-established partner.

ProPay has been protecting consumers and businesses for many, many years and understands this new wave of attacks. Be sure you, and your business are protected.

For more information, call 888.227.9856 or email sales@propay.com. Visit www.propay.com.

Recently, professional cybercriminals have specifically targeting direct selling companies and their customers. The damage these criminals can inflict for unwary and unprepared companies can be truly catastrophic.

How Direct Selling Fraud Works
It all starts with stolen credit card information, which can be obtained through an illegal marketplace for between $5-$15 each. Amateur fraudsters often attempt to use the credit card information of family members, friends or co-workers for direct selling fraud, but typically on a much smaller scale.

The pros use this information to attack direct selling companies in a very systematic, calculated manner. They begin by enrolling as distributors, often directly through the direct selling company’s corporate website as an “orphan”, unaffiliated with an existing company sponsor. This opens up access to purchase products and become eligible for sales commissions.

Using their status as a new distributor, they enroll other fake distributors providing what appears to be more legitimate, sanctioned entry to the business for those that follow them. All these new distributors begin by purchasing significant amounts of product, using illegal credit card information, shipping it to temporary addresses at vacant homes, mailbox locations or other locations. In some cases, this product is quickly whisked away to secret locations for storage and are posted for sale on various discount, classified websites at extremely heavy discounts.

Even without a single sale of this ill-gotten product, these fake distributors are often paid sales commissions on the fake sakes long before there is any detection of wrong-doing. Add to that the money made from any product they are able to sell and it’s clear to see how this type of criminal could do significant damage to an organization not prepared for this style of sophisticated criminal. Add on the impact of flooding the market with heavily discounted product, reputation damage and difficulty differentiating between incredibly valuable, legitimate distributors and illegal operators and now the problem is even more massive.

ProPay Can Help
Through ProPay Guardian CyberShield, there is a way to go after this more insidious style of criminal. Guardian CyberShield uses a variety of mechanisms to identify the bad guys and stop them before they can get started. The service uses a Device ID feature that can detect when multiple accounts are created or managed from a single device, creating alerts and preventing entry when appropriate.

ProPay Guardian CyberShield also features a highly sophisticated, and customizable rules engine that can be adjusted to the unique needs of the direct selling industry. This feature could be used to develop rules around establishing orphan accounts, shipping product to unverified new distributors or creating other complex validation or authentication mechanisms. Designed to be customized and built as a more advanced fraud prevention solution, Guardian CyberShield can be an essential tool in the direct selling battle against the new wave of fraud.

Learn more about ProPay Guardian CyberShield. Visit www.propay.com or call 888.227.9856.

The recently published ThreatMetrix Cybercrime Report details how massive, complex and dynamic digital and transaction fraud has become. The report is filled with incredible statistics and information about the scale and shape of modern fraud, a few highlights include:

- A startling 250% increase in cyber attacks on retailers during peak transaction times
- Over 230 million bot attacks
- An overall 80% increase in attacks over the previous year
- Aggressive attacks on both mobile and desktop environments
- Financial services, retail and a variety of industries targeted

The big takeaway from the report is that the modern cybercriminal is incredibly sophisticated, aggressive and a force to be reckoned with. To protect your business and your customers from these fraudsters requires an intelligent and even more sophisticated fraud detection and prevention solution. Mapping the right solution requires a deeper understanding of the dynamic of today’s cybercrime.

Fraud doesn’t sleep – Fraud, and fraud protection is not a static or periodic event. Fraudsters are continually testing, probing, automating their tools to find and exploit any potential weakness. Bots and Botnets, automated processes and networks of automated inquiries run constantly looking for security openings. Protecting your business from this type of dynamic threat requires a solution that operates in the same model, continuously sweeping the landscape, looking for patterns, identifying known risks and constantly countering attacks.

Every device is at risk – Mobile commerce continues to grow as a channel for everything from consumer products to home mortgages. Cybercriminals are aggressive, and quite successful infecting mobile devices with malware through downloaded apps that may look legitimate, but carry dangerous, invasive code. Mobile devices are also frequently compromised through unsecured wireless networks allowing undetected access to sensitive personal data. Desktop computing is still a risk as well, criminals utilize a number of tactics to access user information and hard drives of desktop computers on a massive scale.

Multiple attack vectors – Cybercriminals use stolen payment information for purchases, pretend to be known users and commit fraudulent activity and create new accounts using stolen information. Attacks to access this information come in many forms, malware, networks of compromised devices working together and a host of other tactics. There are many fronts to monitor and protect.

Connecting the stolen dots – The modern cybercriminal is rarely acting alone and is increasingly elevating the complexity of their attacks by combining data obtained through multiple sources. Rather than accessing all your personal information through a single compromise, they are able to stitch together a composite view of consumers through a combination of more easily accessible information. Developing an awareness of criminals with this approach and then finding and preventing the related fraud requires an extremely high level of sophistication.

The good news is that ProPay Guardian CyberShield is designed to protect business and consumers in this fluid, complex and rapidly changing environment. Featuring world-class technology, in-depth security and unmatched fraud protection expertise your business can be confident even in a world with a growing and ever more dangerous style of cybercrime.

Click here to learn more about ProPay Guardian CyberShield. Call 888.227.9856 or email sales@propay.com.

Next Page »