Christmas. The busiest time of year for many, but also a magnet for fraudsters wishing to cash in.
Last year individuals and businesses reported losing almost £16.5m to online shopping and auction fraud. That’s a 42% increase on the year before, when the damage was just over £9.5m1.
But there are steps you can take to reduce the threat of someone other than Santa breaking in this Christmas. Keep up your defences and you stand a much better chance of keeping the fraudsters at bay.
The hectic Christmas period can mean busy retailers “might let things slip”, so it’s important to be extra vigilant. Don’t take your eye off the ball, says Tony Neate, CEO of Get Safe Online.
But it’s also important not to lose out on business because of misplaced customer fears.
“We’re telling customers when shopping online to check that there is a landline they can call, and that there’s a physical address they can check,” says Tony. “Businesses should be aware we are doing this, so they can make sure that information is online.”
Step up safety
The first major step to being safer is simply awareness, and recent attacks at some big companies should help with that. “It’s been a wake-up call for all companies,” says Tony.
There are some other basics to take care of too. Make sure there is security software on all devices, and that it’s always updated. And make sure the devices themselves are secure in case of loss or theft, particularly if they’ve got confidential data on them.
Advice and awareness training for staff is also a good thing, Tony says.
What are the latest scams?
Social engineering – where people are made to do something that they wouldn’t normally do – is a common weapon in the fraudsters’ armoury.
Tony says it’s an area where scams are becoming more sophisticated.
One of these is vishing, where individuals are targeted through phone calls – sometimes a sequence of them – to try to extract confidential information. And personalisation is a trend that’s on the rise too.
“We’re seeing more ‘spear-phishing’, for example, where individuals are targeted. Instead of ‘Dear Sir’, it’s ‘Dear Tony',” he says.
“We’re also seeing ‘whale-phishing’, which is where they go after the big fish. CEOs, Finance Directors – they do as much work as they can finding out about that person so they can target them individually.”
For more information about staying ahead of the scams, read our five-step health check for fighting fraud and our guide to our methods of protecting against payment security fraud .
It’s also worth taking a look at our section on the Payment Card Industry Data Security Standard (PCI DSS). Designed to protect both the customer and the merchant, the PCI DSS helps ensure that you’re processing and storing customer card data as securely as possible. It won’t stop you being targeted, but it will make sure you’re in the best position to guard against an attack.
1 Figures refer to online shopping and auction fraud made to Action Fraud during 1 November 2014-28 February 2015