Over the past year, the pandemic has driven a major consumer shift from retail and physical points of sale to ecommerce (online purchasing). Because card-not-present (CNP) transactions can be attempted anywhere and by anyone, they incur high rates of attempted fraud compared to transactions where the physical card is present. To combat fraudsters, Chase recommends a multi-layered approach to keep your payment transactions secure, and offers support and tools to help protect your business.
7 Tips for a More Secure Business Online
Originally published on Chase.com
Many businesses scrambled to adapt to a virtual world when COVID-19 hit. But did you remember to lock your doors against cybercriminals?
If you run an office or a store, there are always nightly closing rituals. You put the money in the safe, clean up, lock the doors and turn out the lights. Mike Kelly, Head of Cybersecurity & Technology Controls at Chase, has seen a lot of businesses go digital in the last few months. And too many of them haven’t implemented the same rituals to protect their businesses online. They’re forgetting to lock the front door.
“Unfortunately, we take a lot of phone calls after an attack,” says Kelly. “My heart always goes out to those business owners because it’s very traumatic.”
The good news is, every business can protect itself from online threats. Kelly shares the top seven ways that can help stop cyberattacks and fraud at your company.
1. Plan for worst-case scenarios
What will you do if someone hacks into your business or engineers a fraudulent money transfer? It’s important to be able to respond quickly.
Kelly suggests writing up a plan and running drills to test it. “Most organizations have a fire drill or a life-safety drill,” he says. “Cyber drills are no different. Look at a scenario, and think about how you design for it.”
And if a hack or a mistake shuts down a vital system, have a plan B. Find a workaround that allows you to keep as much of your business running as possible.
2. Assess your vulnerabilities
If you’re not a techie (and even if you are), you might not know the risks you and your employees are taking. Bringing in an independent contractor to audit your technology systems and processes is one way to get ahead of those risks. A contractor can uncover hidden dangers such as unpatched software, insecure processes or compromised systems.
“Even if you’re simply establishing a baseline, there are a lot of benefits to an independent audit,” says Kelly. “It gives you an idea of where the big things are that you’ll want to address.”
3. Pay attention to email
Verizon’s “2019 Data Breach Investigations Report” found that more than 90% of detected malware arrived via email. One big reason is the number of ways email can be manipulated.
An employee might receive a seemingly innocent attachment only to discover it carries malicious software, known as malware, that could take down a single computer or your entire network. Emails can also contain links leading users to websites that automatically download malicious code onto their computers. This type of code sometimes can’t be prevented using traditional antivirus software alone. And if a colleague’s email account gets broken into, a hacker can pose as a trusted sender and trick you or someone at your company into sharing valuable information.
4. Train your employees to detect threats
Another reason email is such an effective way into many companies is that employees don't always know what to look for and are not fully aware of the risks they are taking when they check their messages.
“Dollar for dollar, training has the most positive effect on reducing the risk of cybercrime,” Kelly says.
Phishing emails, which are messages sent by someone posing as a reputable sender, often have small details changed or contain odd phrasing. With good training, employees will know to ask questions, double-check procedures and verify requests via other sources. One effective technique is to send test emails that can track whether employees click links or follow a direction contained in a message. If they do, then the system can display educational materials or you can follow up to make sure they understand their mistake.
5. Require strong procedures for payments
In the early days of COVID-19, many of the usual processes and procedures had to be reimagined. That opened up new opportunities for invoice fraud.
“You always want to be looking at your payment processes,” Kelly says. “Where are there possible weak points?”
For example, after COVID-19 started, Kelly saw an increase in invoices sent via spoofed, disguised or hacked email addresses. Thieves who spent weeks and even months observing workers were then able to imitate language and processes perfectly. That's why Kelly recommends being skeptical of all invoices and having client, vendor and bank phone numbers handy so that you can easily verify any payment or bank charge.
6. Lock down your passwords
Passwords should be complex, but they don't need to be hard to remember. Do you have a favorite singer? Then you might have a few strong passwords already humming in your head.
“I would take part of a good song verse and use that as your password,” says Kelly. “A song verse has multiple words. You're going to be able to remember it.”
Kelly also recommends keeping passwords in a secure place. Rather than pasting your passwords into a spreadsheet, consider using a password manager with strong encryption. These high-tech tools can keep hundreds of passwords safe and are easy to use.
7. Not sure what to do? Breathe.
Hackers prey on stress and confusion. If you experience any unusual requests or think you might be a victim of fraud, pause and investigate your suspicions. Chase clients can receive support by contacting their Chase client service representative.
Not yet a client? Chase offers a variety of services to help safeguard your business from fraud. Visit Chase for Business Fraud Protection Services to learn more.
Get fast, secure, and reliable payment processing solutions to help you run and grow your business. With Chase Merchant Services, businesses have access to:
- Flexible solutions to securely accept card payments onsite, online or on-the-go
- Touch-free payment options including contactless card and mobile wallet acceptance
- Next-business day funding (with a Chase business checking account)*
- Comprehensive online reporting and chargeback management
- Fraud prevention and data protection
- 24/7/365 in-house customer support
For informational/educational purposes only: The views expressed in this article may differ from other employees and departments of JPMorgan Chase & Co. Views and strategies described may not be appropriate for everyone and are not intended as specific advice/recommendation for any individual. You should carefully consider your needs and objectives before making any decisions and consult the appropriate professional(s). Outlooks and past performance are not guarantees of future results.
JPMorgan Chase Bank, N.A. Member FDIC. Equal Opportunity Lender, 2021 JPMorgan Chase & Co
Businesses are required to complete an application and agree to terms and conditions at the time of enrollment. All businesses are subject to credit approval. Merchant services are provided by Paymentech, LLC (“Chase”), a subsidiary of JPMorgan Chase Bank, N.A.
* Next business day funding is available to eligible Chase merchant services clients who deposit into a single Chase business checking account. Visa®, MasterCard®, and Discover® credit and debit transactions are eligible. All businesses are subject to business credit approval and all funds are subject to fraud monitoring. In addition, funding is subject to the terms and conditions of the merchant processing agreement. Chase must receive settled transactions by 10:00 pm EST (some businesses may qualify for an 11:59 pm ET settlement; talk to a Chase representative for more details). Funds are deposited on the next business day, excluding weekends and bank holidays. Some exclusions may apply. The listed payment brand(s) are not sponsors of this program. All marks are marks of their respective companies. Deposit products provided by JPMorgan Chase Bank, N.A. Member FDIC.