The COVID-19 pandemic has forced many businesses to suddenly adopt e-commerce alternatives to brick-and-mortar sales in order to survive (and in some cases find a lucrative new way to do business).
With spikes in online sales, merchants and their customers are also facing mounting fraud risks, from criminals who try to blend in with legitimate online consumers, leading to reported increases in in card testing attacks, buy online/pick up in-store fraud and other scams.
Increased Risks of Online Banking
The online shift has also been accompanied by increased use of mobile banking services, to avoid paying hard cash in face-to-face transactions. A report from J.D. Power points out that 49% of Canadians “rely heavily on online and mobile banking,” and 33% are “digital-only customers who predominantly use mobile or the internet for their banking needs.”
The security risks of this situation are pointed out in a June public service announcement released by the FBI. With the surge in online banking, the law enforcement agency “expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.”
For added security, business owners and consumers should:
Beware of clicking on links in emails and texts supposedly connecting to their banking services. Many fraudsters use legitimate-looking emails and messages to get people to reveal their login details. Financial Institutions do not contact customers via text, phone or email to advise. Should you receive an email, text or call do not provide sensitive information. Contact the institution directly in cases of unsolicited contact.
Use strong passwords (including uppercase and lowercase letters, numbers and symbols where appropriate).
Enable two-factor or multi-factor authentication on devices and accounts.
Use, when possible, biometrics, hardware tokens, or authentication apps for strong two-factor authentication.
Set up multiple types of authentication for accounts, if allowed.
Review Monthly statements for unknown transactions.
Monitor where personal identifiable information is stored and only share essential information with financial institutions.
Other Types of COVID-19 Fraud (Cardholder level Scams)
Some of the other types of coronavirus scams, often preying upon people’s fears connected to the pandemic, include:
Phishing scams
With phishing, online criminals send emails to potential victims, purporting to be from a hospital or government organization. They might claim to be a notification that you have been in contact with someone who tested positive for COVID-19, or that you have a COVID-19 test ready, or that you’re eligible for government funding. These scams are usually trying to get you to reveal personal information, give the sender money, or download a virus-infected attachment.
Fake Mobile Applications
These ransomware attacks involve mobile applications where, for example, cyber criminals might create a fake contact tracing mobile application that claims to alert users if they have been in contact with someone who has COVID-19. The app then hijacks the user’s phone and only gives their access back if they agree to pay a ransom.
Fake Government Websites
Spoofed or faked government websites offering COVID-19 information are designed to look legitimate, including their URLs, to get visitors to give up information, give money or download malware.
Data Scams
With more people doing work-from-home arrangements, hackers are looking to get into company networks through home set-ups that may lack the security precautions of the at-work ones.
Business Email and IT Scams
The economic upheaval caused by the pandemic may make workers more vulnerable to email scams, where a fraudster could spoof a boss’s email address or phone number to get a worker to wire money, transfer funds, send gift card codes, and so on. Or the con artist might pose as a member of IT staff, requesting a password or providing a link to software (malware) to be downloaded.
Supply Scams
With many businesses scrambling to get certain supplies (such as ones for cleaning and disinfecting), con artists are taking advantage by setting up fake sites that mimic the look of well-known online retailers. They’ll take your order, nab your credit card information and then head for the hills.
How does this affect your Merchant Account?
With the increase in above Cardholder fraud activity, Fraudsters will try to use the newly stolen card data to make purchases on your site. Fraudsters target products which may have some resale value.
Merrco has guides which can assist you in the implementing fraud practices and tools which can help you identify and stop fraudsters. Fraudsters are persistent and may test your processes, in the event they are successful we have guides to assist you in disputing chargebacks.
By implementing our “Click, Pay and Pickup” recommendations we can help you build both an Offensive and Defensive approach to online transaction fraud.
Enhanced Security for Our Customers
At Merrco, we take the security of our merchant customers very seriously. We meet all industry standards for security and encrypt our hardware to protect your payment data. Our Payment Advisors can help identify key areas of weakened security in your business and suggest products that will help decrease the risk of fraud.
Contact us today to find out how we can make your new business normal a safe and secure one. Email info@merrco.ca or call 1800-957-0534. For more information on combatting fraud, email risk@merrco.ca.