The way Kiwis choose to pay and get paid continues to evolve, and so does the nature of fraud. As consumer spending moves further online, fraudsters have unfortunately followed, often targeting small and micro businesses. Visa’s Head of Data Solutions for Australia, New Zealand and South Pacific, Riaz Nasrabadi, shares three steps Kiwi small-medium enterprises (SMEs) can take today to protect themselves against new forms of cybercrime.
1. Bolster your online checkout to prevent enumeration attacks
Sophisticated hackers today are exploiting vulnerabilities in an online environment and the need for businesses to protect themselves against new forms of attack is higher than ever.
Globally, transactions where a consumer’s card isn’t physically presented (such as when shopping online) accounts for 90 per cent of all fraud (up from 84% in 2019) and a ransomware attack happens approximately every 11 seconds.
One of the top cyber threats emerging here in New Zealand and around the world over the past 18 months is enumeration. But what exactly is it? And what can businesses do about it?
Enumeration is the criminal practice where fraudsters use automation to test and guess payment credentials such as Primary Account Number (PAN), card verification value (CVV2), expiration date and post codes, which can then be used in fraudulent transactions.
It’s the rising use of botnets – which are networks of hijacked computer devices – that are being used to carry out and scale these attacks.
A key way for businesses to protect themselves against malicious cyber-attacks that could damage their brand and customer experience is to fortify their online checkout process.
Businesses should talk to their payments gateway or acquiring bank to ensure their online checkout page has the right controls in place. This could include restricting the number of transactions that can be processed by the merchant from a single card per minute, scanning for anomalies in shopping cart data, blocking accounts after a certain number of login attempts and CAPTCHAs, which are tasks that are designed to be easy for humans but difficult for bots.
These methods can go a long way toward the prevention of illicit transactions.
2. Invest in secure technologies that balance evolving risks and customer experience
Cyber security is a hot topic not just for New Zealand businesses but for their customers too.
Shoppers today increasingly want the speed and convenience of digital payments, and they expect the buying experience online to be both secure and seamless. Merchants should be investing in technologies that not only reduce fraud, but also reduce friction at the point of sale.
Tokenisation is one example. It is a security technology that converts a cardholder’s 16-digit account number into a token or digital credential, so merchants don’t have to store sensitive payment credentials.
In addition to enhancing security, tokenisation can reduce friction in the checkout process by enabling financial institutions to automatically update expired or compromised payment credentials without any manual updates made by the customer, in the event that their card is lost, stolen or expired. For merchants this means that tokenisation not only reduces fraud, but also maximises conversions and drives long-term customer loyalty.
Another example is EMV 3-D Secure, which can also help minimise instances of fraudulent transactions. This digital technology is designed to confirm the identity of the cardholder and enables merchants to request authentication from the customer’s bank. The bank could undertake the authentication via a one-time password sent to the cardholder’s mobile or a biometric authentication, such as facial recognition or fingerprint scan before the transaction is processed.
3. Stay alert to sophisticated cybercrime scams
Cyberattacks on businesses can take many forms, but scams in particular are becoming increasingly sophisticated and tricky.
Fraud occurs when a third party obtains unauthorised access to a consumer or business payment credentials, typically through a data compromise. A scam, on the other hand, occurs when a consumer or business owner is misled to provide their payment credentials to what they believe to be a trusted entity.
The CertNZ 2021 Report Summary on cyber incidents in New Zealand showed that scams accounted for almost $11.9 million (71%) of the total financial loss reported in 2021 alone. Almost $3.9 million was lost to scams when buying, selling or donating goods online, and over $2.1 million was lost to scams about employment and business opportunity offers.
An industry approach through education and awareness is vital to help prevent Kiwi businesses becoming victims of scams. At Visa, we actively work with law enforcement agencies and industry groups to drive awareness on what to look out for and common scam sources, through our Payment Intelligence alerts. There are also online resources like Scamwatch that Kiwi SMBs’ can check to be aware of the latest reported scams.
Looking to the future of eCommerce in New Zealand, there are clear opportunities for small businesses to drive growth and deliver exceptional customer experiences, but it’s important to remain alert to new threats.