Cyber Security: Business Payments Through Tech

Did you know that the first recorded cheque was written over 350 years ago? Since then, there’s been a digital transformation in payment technology. Now most businesses offer a range of payment methods making it quicker for customers to part with their cash.

While most payment methods are fairly secure, any digital process comes with the risk of hacking and the possibility that funds might never reach your account.

Understanding the flaws inherent in each piece of payment technology means you can take the relevant steps to embrace the benefits of digital transformation.

 Different Payment Strokes for Different Folks

Varying business models require differing approaches to taking and making payments. Regular subscription services tend to use Direct Debit to deduct recurring payments. Market stall holders and shops take cash but also nearly always allow people to pay by card. Organisations that need to pay suppliers’ invoices will often pay by bank transfer or possibly by card depending on the software the provider uses.

And with UK shoppers spending more online than any other country, card payments made over the internet are one of the fastest growing methods of taking funds.

Each of these approaches has their benefits and drawbacks. We explore each method of payment, the cyber security threats and network security amendments you can make to ensure every single pound of hard-earned cash makes it to your bank account.

 Credit and Debit Cards

How often do you reach for the debit or credit card to make a purchase for your business? Taking the team out for lunch, booking travel or purchasing any of the many other items businesses need to thrive: it all involves sharing your card details over the phone or online or tapping your card on card machines. And if you decide to revert to old-fashioned cash, your card is inserted into countless cash points.

Regardless of the method, each transaction requires a transfer of data. And that means there’s potential for someone to swipe your card details and use them for their own ends.

The European Payments Council’s 2016 Payment Threats Trends Report highlights stealing card data as one of the main threats to business card use. Data is generally stolen in two ways:

Skimming or shimming – the device is installed in an ATM or POS terminal to capture data from the magnetic strip on the card (skimming) or from the EMV chip (shimming). Usually the device is accompanied by a micro-camera to record the individual’s PIN. Armed with all the relevant data the criminal can hack your account.

1. Advanced Persistent Threat (APT) Attacks – specific stores or financial institutions are targeted with the aim of compromising the network or payment system. The aim is to gain payment card data for illegal use. In some cases, payment card issuers have been attacked and cards have been issued by hackers with almost infinite limits.

While general vigilance is the answer to the first threat, there are cyber security measures that can be taken in response to the second to help you defend your business.

Generally these attacks take place when fraud monitoring is at a low level, for example at night or during the weekend. After penetrating the system, fraudsters can wait weeks or months ‘sleeping’ inside the system before completing their attack.

While this sounds unpleasant, the good news is that network security specialists can set up the systems you need to detect this kind of threat 24/7.

By working with an IT company that provides cyber security, you can be confident that the on-call team will be alerted to any threats and can connect remotely to counter the attack.

Direct Debit

This payment method is fantastic for businesses that operate subscription services, like magazines, flowers and beer, and also helps businesses pay regular bills. In fact, it’s the preferred payment method for 62% of people in the UK when making regular payments.

Direct Debit is so popular, in 2017 a total of £1.3 trillion was paid using this method. Which makes Direct Debit a prime target for cyber attacks.

Previously, Direct Debit was only available to larger businesses via their banks but smaller corporations can now use the scheme by signing up with a specialist Bacs-approved bureau.

While this takes much of the admin out of your hands, it does mean you need to be sure about the security standards adhered to by your bureau. Check to see if they comply with the Bacs Approved Bureau Scheme – this will go some way to ensuring payments are protected at their end.

Of course, the Direct Debit Guarantee also protects you and your customers by promising your money will be returned immediately from the relevant bank if a debit is made in error. But what happens if someone hacks your system and sets up fake Direct Debits?

The answer to this challenge is to ensure you have quality network security in place to repel would-be attackers. Quality software will run a suite of reporting tools in the background to list threats so you’re aware of suspicious activity and can take action yourself or contact your specialist cyber security team.

Other Forms of Electronic Payment

With more online retailers and purchases available, it’s no surprise that other forms of electronic payment, like those taken over the internet, are opening up other avenues for cyber attacks.

A particularly nasty attack is called a Denial of Service (DoS) Attack. It involves resetting or overwhelming your resources to the point where your system, application or network becomes unavailable to your customers and business.

Perpetrators are often hacking for financial gain and will use three methods:

Flooding attack – involves blocking access to a system by exceeding the maximum bandwidth

1. Protocol attack – by sending data packets through the communication protocols to such an extent that the system becomes blocked and overflows preventing genuine payments from being taken
2. Application Layer Attack – is completed by looking for and exploiting errors in the implementation of a protocol. This is then used to crash a particular server.

What can you do to counteract these threats? 3D Secure authentication protocols based on a three-domain model work well.

What does that mean? Leave it to us – our team of cyber security experts in Manchester are well-versed in deploying real-time fraud monitoring systems with in-built prevention capabilities.

By identifying suspicious patterns of behaviour your security system can stop fraud on the basis of rules and scenarios. Without compromising your business. This means threats can be identified and resolved often before you even know that there’s an issue.

Another important element of payment security is to ensure your systems are running the most up-to-date systems from service providers, card schemes and your IT provider. If your system’s telling you to update software it’s usually a good idea to hit ‘run’ and make a cup of tea. It could just save you a lot of money.

If your business relies on digital payment methods, securing your networks by working with Manchester cyber security experts is a must. By protecting your business and your customers’ payment data, you’ll be protecting your bottom line and your reputation.