Global payment card fraud loss reached a staggering $25B in 2016, equating to approximately 7 cents of each $100 in card spend, which reflects an increase from 5 cents per $100 in 2010. Over 15.4M victims in the U.S. were affected by fraudulent activity in 2016 – a 16% increase since 2015. So, what’s driving these excessive losses? Research indicates that some card fraud is a criminal racket that generates revenue for organized crime and terrorists to fund illicit activities. Unfortunately, many merchants are targets, so they must become more vigilant in protecting customer data from bad actors who are relentless in their pursuit of sensitive information.

This vigilance is more critical than ever as security threats can occur at multiple points in the payments chain. For example, with smart devices gaining momentum as a convenient payment option, additional complexities and potential for compromised security are introduced into the payments ecosystem. Recently, several major retailers were targeted by ransomware attacks, which can cause damage to one of a company’s most important assets – its brand. Consumers trust merchants to protect their card data and personally identifiable information (PII), so when cyber-attacks occur, it can diminish customer confidence.  In fact, the Cisco 2017 Annual Security Cybersecurity Report revealed nearly 40% of companies that experienced customer attrition after a security breach reported losing 20% or more of their existing customer base.  In the face of these threats, what should merchants do to protect their valued customers?

The Best Defense is a Good Offense
This adage holds true when it comes to mitigating card fraud losses. Cyber security is highly complex and demands continuous innovation to drive protection against hackers. We outline some of the defensive tactics merchants can initiate to help combat fraud loss and protect their business.

• Implement an electronic commerce fraud prevention strategy, coupled with protecting payment transaction data and developing a broader approach to securing networks, endpoints and overall infrastructure.
• Enlist executive-level support for additional IT budgets for security solutions and staff to concentrate on protecting customer relationships.
• Utilize layered security, which is at the core of payments and paramount to ensure optimal protection. This comes in the form of tokenization, point-to-point encryption, Transport Layer Security (TLS), and EMV, all of which ultimately protect payment card credentials while at rest, in transit and in use.
• Defend against cyber-attacks by including network and endpoint defense management techniques with hardware and software tools that protect site computing infrastructure from malicious software attacks, while also safeguarding POS and servers from vulnerability exploits.
• Protect against network borne attacks with cloud-policed firewalls (inside-and-out), while also including application whitelisting technology and continuous anti-virus updates to help shield payment networks from malicious attacks, such as the WannaCry ransomware.

NCR Connected Payments, a Software-as-a-Service (SaaS) solution, coupled with NCR Network and Security Services (NSS) suite, help retailers and restaurants defend against card fraud. These solutions help safeguard the merchant environment and secure the payment route with date and transmission protection from the PIN pad to the payment processor.

To speak to one of our NCR Payments & Security experts about developing a plan against card fraud, contact us or visit the ncr.com website.