For the past 19 years, the National Cybersecurity Alliance and the U.S. Cybersecurity & Infrastructure Security Agency have recognized October as National Cybersecurity Awareness Month to promote data security best practices. Throughout the month, small business owners and corporate leaders should take time to learn the risks, identify gaps in security practices, and implement new strategies to fend off cyberattacks. Businesses that accept and process large volumes of payments – especially retailers, restaurants, and e-commerce marketplaces – need to be especially vigilant of fraud attempts and cybercrime. According to a recent study from Card Not Present, every dollar of fraud committed in e-commerce transactions represents $3.75 in losses to the merchant – representing a marked increase from 2019.

With that in mind, spend some time ensuring that your organization evolves its data security practices and reduces the risks of payments fraud – this month and throughout the year. Get started:

Stay up to date with emerging payments fraud risks and impacts

Business leaders are generally aware of the reputational and operational risks of fraud – but may underestimate the magnitude of these potential losses. The annual IBM Cost of a Data Breach report shows the massive costs organizations incur after cybersecurity incidents. The report estimates that in 2022, companies lose $4.35 million per data breach event and 83% of surveyed companies had experienced more than one data breach event in the past year.

To avoid reputational, operational, and financial losses, keep yourself informed on the most pressing sources of cybersecurity risk:

  • Digital skimming: Fraudsters infect a website with code that “skims” payment card information while it is being entered into a website during payment, while the merchant and cardholder remain unaware.
  • Ransomware: Harmful code infiltrates and disables an organization’s computer system and holds the data hostage to collect a ransom payment from the organization.
  • Card not present fraud: Attackers leverage online, over-the-phone, and mail-in purchases to conduct fraudulent transactions – relying on the fact that the merchant never sees a physical card as part of the verification process of a payment.

There are no easy answers for combating these threats, but constant vigilance can help. This includes regularly scanning and testing ecommerce sites for vulnerabilities or malware and monitoring the ecommerce environment. For a deeper dive into data security treats, Forbes online news magazine featured the top data security threats of 2022.

Audit your current practices and establish regular check-ins for ongoing security.

Original data security precautions can be thwarted by shifts in store setup, device additions, expansion and administration of ecommerce services, new payment access points and changes to operational procedures. Any one of these can leave a business more susceptible to security control failures, malicious attacks, or accidental information leakage. So, begin looking at what’s changed for your business this year that could have inadvertently created a weak point in your data security set up.

  • Physical device security: Mount payment devices on locking stands and place in locations that you and your staff can see and control to minimize risk of tampering or theft. Also, maintain a list of all devices and develop a routine to inspect them for tampering or substitution. When not in use, store mobile payments devices in locked cabinets or tether to the counter securely. Record the identifying attributes of the device – serial number, model type, operating system, etc. – and regularly review who is authorized to use it.
  • Ecommerce website security: Check your shopping cart software, update operating system versions in a timely fashion, remove inactive plugins as soon as possible, and make sure your SSL certificate is current and renewed on time each year. If you use an outside vendor to develop and maintain that site, be sure the coders don’t leave HTML source code wide open for fraudulent authorization testing. It is important to ensure your source code is well hidden.
  • Employee access security: Validate your processes for strong passwords and user authentication, as well as employee access and logins, and consider implementing multi-factor authentication. Train employees to recognize risk, such as Phishing and social engineering, and how follow appropriate security protocols.
  • PCI DSS compliance validation and patches: Review your organization’s adherence with the Payment Card Industry Data Security Standards (PCI DSS) compliance on a quarterly basis. PCI validation only reflects a point in time and must be diligently upheld with consistent frequency to ensure payments data security. If you find gaps in your processes during these reviews, make a plan to address these quickly and effectively to maintain compliance and customer trust. Further, make sure you understand how your vendor or service provider notifies you of new security patches and be sure you receive and read these notices. For ecommerce businesses, ask your ecommerce hosting provider whether they patch your system and how often.

Cybersecurity Awareness Month will go by quickly – be sure to make these best practices part of your organization’s regular processes to ensure data security year-round. Educating your employees, discussing data security with your partners and vendors, and prioritizing fraud-preventing initiatives are vital steps to protect your organization in the evolving digital-first world.

Success

Request a call back

We want to hear from you. If you are interested in setting up a new merchant account with us, please contact us through the form below and we'll call between the hours of 9:00 AM and 7:00 PM EST, Monday-Friday. If you require assistance with an existing account, please call our customer service line 24/7/365.

This contact form is for US customers only. If you are looking for one of our other locations, please visit elavon.com/country-selector.html to find your country or region.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

By providing us with an email address you are expressly consenting to receiving email communications – including but not limited to marketing material/advertising, promotions, sales campaigns, and questioner/research surveys. By providing us with a telephone number for a cellular phone or other wireless device, including a number that you later convert to a cellular number, you are expressly consenting to receiving communications – including but not limited to prerecorded or artificial voice message calls, text messages, and calls made by an automatic telephone dialing system – from us and our affiliates and agents at that number. This express consent applies to each such telephone number that you provide to us now or in the future and permits such calls for non-marketing purposes. Calls and messages may incur access fees from your cellular provider. We accept relay calls. Your privacy is important to us. By clicking “submit” you agree to our terms and conditions.

/content/dam/elavon/global/icons/storytelling/icon-phone.svg

Sales

Available Mon. – Fri.
9:00 AM - 7:00 PM EST
1-866-671-1583

/content/dam/elavon/global/icons/storytelling/icon-headset.svg

Customer Support

Available 24/7
1-800-725-1243