Research conducted by AXA in 2016 found that in the previous year, 7 in 8 purchases in Europe were made online, and with phone payments and ecommerce on the up, the threat of card-not-present (CNP) fraud will continue to rise. According to the Nilson Report, in 2015, fraud losses to merchants occurred overwhelmingly from CNP transactions, and the problem is only getting worse. Worldwide losses from card fraud are predicted to reach an eye-watering $31 billion by 2020.
With this in mind, there are some key practices that businesses should rely on to protect their customers from CNP fraud. Here are our top six pieces of advice:
1. Use fraud detection software: There are a number of fraud prevention tools that merchants can use to pick up on fraudulent activity, including 3D Secure payments and Web Application Firewalls. These can supplement your payment systems and help keep your customers’ data safe by detecting if any illicit activity is taking place.
2. Hide your data: Holding some customer data is sometimes unavoidable. To protect customer information from being hacked when it’s not in use, make sure it is obscured and encrypted. This means that any hacker trying to access personally identifiable information (PII) won’t be able to read it or use it for fraudulent activity.
3. Keep your employees informed: One common way that fraudsters can do a lot of damage is through the use of phishing emails. These emails may ask your employees to move money into a different account, enter their password, or send a customer’s personal details. It’s important to keep your employees informed about these sorts of risks, so they can always be on the lookout for fraudulent activity – and know when they need to report suspicious emails.
4. Be on guard against insider threats: While a hacker can do serious damage, the threats that sit inside your company can’t be ignored. Pause and Resume call recording, also known as stop/start, is a common data security solution used by contact centres. The technology works by pausing the call recording when your customer is reading payment card details out loud. The recording is then resumed once the sensitive information has been taken. But because the agent still hears the details being read out, this practice means that employees could easily write down your customer data to use for their own fraudulent purposes, or even sell it to the highest bidder.
5. Stay on top of regulations: The Payment Card Industry Data Security Standard (PCI DSS) was created to offer increased protection to customers against card fraud. Compliance with this standard is compulsory for all organisations that take card payments, and many of its requirements are designed to help safeguard your customers’ card details. With the ever-changing regulatory landscape – the EU GDPR and UK Data Protection Bill are just around the corner – it’s important to stay on top of these regulations to keep customer data safe, and ensure your company doesn’t find itself facing a hefty fine.
6. Protect your contact centre: With more customers turning to the phone when it comes to making a purchase, your contact centre remains an integral part of your business. Therefore, making sure it adopts a stringent approach to data security is extremely important. Companies can invest in technologies like Semafone Cardprotect, which reduces the risk of fraud by allowing customers to type their card details directly into their telephone keypad while staying on the line with the agent instead of reading them out loud.
To ensure your company is fully protected against the potential damage of CNP fraud – whether that’s reputational or financial – you need to have the right data security in place. Implementing these steps will help reduce the risk to your organisation.