Practical eCommerce

Hosting, Infrastructure & Software

eCommerce Fraud: Build a Human Firewall

Thirteen steps to prevent fraud at your ecommerce company

By: Michael A. Cox

There is a fellow from Europe named Kevin Mitnick, who can find your Social Security number online in 15 seconds. He was the hacker who was elevated to “computer terrorist” status by the FBI and Interpol. They caught him and put him in jail for five years, but there are thousands like him, who spend their hours, days, and lives in search of the mother lode of information. There also are less sophisticated folks who dive in dumpsters and trash cans for receipts, bills, anything that might bear sensitive information. They steal an identity and with that, they steal your money.

Mitnick doesn’t “hack” anymore; he is banned for life from surfing the web. He makes his money now from the people he used to victimize, the big companies whose systems he used to break into. Mitnick teaches people how to avoid being hacked. And guess what? He doesn’t talk much about firewalls or secure portals or encryption keys; he talks a lot about people. In a Reuters news story in early March, Mitnick argues that while sophisticated technology can help keep networks clean from viruses, it is useless if hackers can con a company’s employees or any unsuspecting citizen into handing over passwords by posing, for example, as colleagues.

“Hackers find the hole in the ‘human firewall’,” Mitnick told an information technology security conference in Johannesburg, South Africa. “What’s the biggest hole? It’s the illusion of invulnerability.”

“Social engineering”, as hackers call tricking people, formed the main thrust of his career, in which he penetrated some of the world’s most sophisticated systems, often by persuading unwitting staff to hand over top-secret information.

The Front Line

The front line of defense against the Internet fraudsters is a proactive approach on the part of anyone who collects, possesses, uses or transmits sensitive data. You can have all of the latest and greatest technical tools to protect data and your system, but when the human component breaks down, the hordes can and will come through the gate.

Is it really that big an issue? You bet it is. For merchants, the threat comes in areas like credit card fraud and vulnerable data storage systems. Because the threats are so many, so varied, and so sophisticated, companies like Authorize.Net, one of the world’s largest electronic payment gateways, spend millions of dollars and tens of thousands of man-hours every year to build and maintain secure systems to protect data in storage and transmission.

Authorize.Net uses a set of integrated fraud tools as standard features of every customer account, such as Address Verification Service (AVS) and Card Code Verification (CVV/CVC2/CID) that provide merchants with general protection from fraud. However, to proactively fight and prevent fraud, merchants need to employ more advanced fraud detection tools in their own systems that are designed to single out fraudulent transactions. Authorize.Net’s Fraud Detection Suite is composed of several filters and tools that work together to evaluate transactions for indications of fraud. Their combined logic provides a powerful and highly effective defense against many fraudulent transactions.

However, as powerful as the tech tools are, the biggest campaign against fraud needs to be waged on the education front. Stephanie Gibbons is a fraud-prevention expert at Authorize.Net.

“The average merchant may not know how much they can do when it comes to protecting themselves and their customers from fraud,” says Gibbons. “There are a number of steps that they can take, but they must be consistent and constantly on alert.”

Most major payment gateway companies offer technical tools, high levels of encryption and transaction monitoring, and most small merchants tend to leave it at that—it’s that false sense of invulnerability. However, in order to protect themselves and their customers, Gibbons says they need to take some measures of their own.

The 13 Bricks Of A Human Firewall

Here are 13 things an ecommerce merchant can do to lower their fraud exposure:


  1. Never send sensitive information via email.

  2. Leave discreet voicemail messages. Do not leave detailed messages involving sensitive information that can be overheard.

  3. Make copies carefully. Always remove and retain originals from the copy machine when making copies of sensitive documents.

  4. Do not cut and paste potentially sensitive information from any proprietary or confidential business application into emails or otherwise distribute sensitive information insecurely to customers.

  5. Only share customer data with internal personnel on a need-to-know basis.

  6. Do not discuss sensitive information where it can be overheard.

  7. Check the Internet regularly for phony copies of your website. If you find a “spoof site,” contact the website’s provider immediately.

  8. Implement industry-standard computer systems security and keep virus detection, firewall, and other prevention solutions updated.

  9. Only download software and files from sources you trust. Files from the Internet might include spyware or viruses that can compromise your security.

  10. Only use, or interface with, proprietary or confidential business applications on networks or the Internet in the manner in which they were designed.

  11. Keep your external USPS mailbox empty. Never leave outgoing or incoming USPS mail in boxes overnight.

  12. Keep operating-system patches up to date.


And, number 13? Never, never, never give a password, a credit card number or any sensitive information to anyone on the phone, especially a cordless or cell phone. That nice man who is trying to help your mother with her taxes may be another Kevin Mitnick trying to get his digital foot in the door.

Published on Saturday, April 01, 2006

Copyright 2007 Confluence Distribution, Inc. and Practical eCommerce.
All Rights Reserved.