Are Online Businesses Passing Cyber Vulnerabilities Down to Customers?

Media Division | February 20, 2017

Most people make online purchases without flinching: after all if your card is used fraudulently the bank or the merchant are responsible for those charges.  Yet, basic knowledge of cyber vulnerabilities, and how those online transactions affect later transactions, remain largely unknown.

Here’s how to avoid getting sold to the highest bidder on the cyber black market.

Examining the Credit Card Number Food Chain

Merchants of various sizes have just about the same way of using credit card information, which is part of the problem.  Each of the places where a transaction occurs may have the same type of cyber vulnerabilities: so a weakness for one is a weakness for others.  A chain is, after all, only as strong as its weakest link.

Online purchases have these points of potential vulnerability (keep in mind that a hacker could target any of these points):

  • Credit card number is entered by a user on a device (desktop, laptop, or increasingly more commonly, smartphone).
  • Said device offers to “store” the credit card number.
  • Merchant’s website receives the credit card number.
  • Merchant uses a third-party point of sale system to run those numbers.
  • Merchant may also use a third-party vendor to provide goods, and in some cases, card number gets transmitted as part of the purchase.
  • Merchant’s backup data service will store the information as part of the day’s transactions (which will likely be cloud-based, except for merchants large enough to have their own servers).

Hackers tend to go for “big fish,” which can lead smaller merchants to feel too small to be worth the efforts.  Yet, when you examine this chain you realize there are several points where really big companies are involved.  For example, purchases made on an iPhone (iOS vulnerabilities are worth a pretty penny on the cyber black market).  Another example: the point of sale provider, such as Square Cash.  Another example: the cloud service provider.  Another example: Visa or MasterCard themselves.

When you look at it this way, you see that even a small online business shares information through tools or services used by mega corporations.  If not, the underlying software and coding still come from similar sources.  A known vulnerability in one equals a possible vulnerability in others.  That barnacle you pick-up on one site follows you to another.

Whose Responsibility is it Anyway?

For the most part, consumers are remarkably uneducated about cyber security.  (Fortunately, you are reading this blog, so you are not in that category).  For example, a recent Kaspersky Lab report on ransomware was humorously titled, “Ransom-What?  because the consumers, as a whole, are completely oblivious to this common cyber threat.

As merchants, vendors, online businesses and banks, however, one cannot afford to be.  First, the merchant and secondly the bank will largely be held responsible for fraudulent charges.  So, credit card intelligence service is invaluable.

That being said, everyone can be part of the solution:

  1. Educate, educate, educate: End users have got to get smarter at a rate that at least matches the industry. Phishing scams still work and are getting more sophisticated, but they are avoidable.  Passwords can be complicated and individual to each site.  Educate your colleagues, employees, family, and anyone else you talk to about basic smart cyber security. Consumers do not have to be walking victims.
  1. Protect: Your own assets can at least be covered, with a professional team in your corner, keeping up with cyber intelligence feeds and the changing landscape of cyber vulnerabilities. Have a ransomware plan. Keep up with software updates, and require all employees to do the same.
  1. Report: When individuals and companies both monitor transactions and report fraud as it occurs they decrease the likelihood of those exploits hitting the next customer.

When cyber intelligence just becomes standard practice, we will all be more secure.  In the meantime, you can follow these steps and hints to stay ahead of the game.

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.