Tim Lansdale, Head of Payment Security at Worldpay comments on the
Financial Fraud Action UK figures which were released this morning,
plus some stats about the impact of fraud on British business in
He said: ”While it’s good news that fraud losses are down on their 2010 peak this isn’t a reason to be complacent. We know that criminals will always go for the low-hanging fruit which is why they are changing tactics, targeting consumers who they see as the weak link in the chain.
"Businesses have to be alert to this threat, ensuring they keep their wits about them. They should be extra cautious when taking payments over the phone and be on the lookout for transactions that seem unusual, such as asking for goods to be delivered to a different address to which the card is registered. Businesses will be responsible for the cost of the goods sold to fraudulent cards not to mention the damage to their reputation, something that can take years to repair.”
Small businesses warned of February ‘fraud spree’
Small businesses are being warned to be on their guard in February, with payments expert Worldpay predicting “unprecedented levels of attempted fraud”.
Data from Worldpay, the UK’s leader in payment processing, suggests instances of fraud could rocket by as much as 80% in February as hackers start to capitalise upon customer data harvested during a hectic Christmas shopping period.
Tim Lansdale, Head of Payment Security at Worldpay, said: “We see a dip in fraud around Christmas as hackers go on the hunt for information, using the online sales rush to stockpile thousands of customer card details. It isn’t until February that they start cashing in on all the data they’ve collected. Other breaches can last much longer; attackers might decide to keep returning to their targets, sometimes for years.”
During 2011-2014, the average data breach exposed 284 days of card payments. Worldpay’s analysis showed breaches lasting from 11 days at the lowest end of the scale, to 1,723 days at the other extreme.
Worldpay says small businesses are by far the biggest target for hackers, accounting for 85.7% of UK data breaches. Virtually all data breaches (99.3%) happened online, rather than at the point of sale, as the UK’s e-commerce market continues to boom.
In 2014, businesses in the entertainment, hobby and leisure industries accounted for 23.3% of all card data breaches, followed by clothing and footwear stores (16.3%) and jewellery, beauty and gifts (11.6%). Businesses in the entertainment industry, particularly online ticket booking systems, tend to make easy prey for hackers due to the high number of credit and debit card transactions they process online each day.
The clean-up costs of being targeted can run to tens of thousands of pounds, with a standard investigation costing £11,250 on average, and attracting at least a £8,000 penalty, not including the costs of lost goods and damage to reputation.
“Data breaches can be ruinous, so its vital small business owners know the risks and take the necessary measures to protect themselves and their customers and employees. You wouldn’t leave your store unlocked overnight, yet so few businesses are doing enough to protect their online shop fronts and keep hackers at bay,” said Lansdale.
Small business fraud check-list:
1. Have you changed all your default passwords, so they’re harder for someone to guess?
2. Is your payment page hosted by a third party? Hosting your own can be less secure.
3. Do you test your firewalls at least every three months, or get a security professional to test for you?
4. Do you securely destroy all card data records when no longer needed i.e. pulping/shredding/incinerating?
5. Are you avoiding storing the three digits ‘CVC’ number on the back of the card?
(Source - Worldpay Comment)