Knowing how to prevent cybercrime and chargeback fraud is essential for businesses with any kind of online presence. Right now, most businesses are working hard to provide quality services and products in exchange for a profit. Yet at the same time, unscrupulous parties are leveraging illicit means to drum up ill-gotten gains. That might mean using chargebacks to net free products, hacking to access to sensitive data, or another underhanded tactic.
Below, we’ll outline how much cybercrime is costing businesses. However, if you’re looking to jump into how you can protect your business from chargebacks, malicious software, and other threats, feel free to skip ahead.
Table of Contents:
- How to Prevent Cybercrime: What’s at Stake? (Hint: Trillions)
- Why Hackers Aren’t the Only Threat
- Tip #1 to Prevent Cybercrime: Keep Yourself Off the Hook With Phishing
- Tip #2 to Prevent Cybercrime: Friendly Fraud and How You Can Manage It
- Tip #3 to Prevent Cybercrime: Weak Passwords May Be No Password At All
- Tip #4 to Prevent Cybercrime: Malicious Software and Keeping it Off Your Systems
- Tip #5 to Prevent Cybercrime: Don’t Let Ransomware Take Your Organization Hostage
How to Prevent Cybercrime: What’s at Stake? (Hint: Trillions)
Unfortunately, a variety of cyber threats could impact your organization. IBM reports that the average cost of a single data breach exceeded $4.2 million in 2021. Meanwhile, Sum Logic states that the average cost of a cyber attack has reached $133,000 and that the total cost of cybercrimes likely exceeded $6 trillion in 2021.
Often, the headline-making sums involve large companies that lost control of vast quantities of data or otherwise exposed vital business processes to bad-faith actors. Yet even for small businesses, cyber security threats could quickly run up hefty bills and may even push firms into bankruptcy. Cybercrime Magazine reports that more than half of small companies went bankrupt within six months of a data breach or cyber attack.
Why Hackers Aren’t the Only Threat
When you think of cyber security threats, you may first think of hackers pouring through lines of code. In practice, however, many scammers instead rely on social engineering and the like. Human error, say falling for a phishing email, is estimated to play a role in 95 percent of cybersecurity breaches.
Meanwhile, even seemingly legitimate customers could actually be fraudsters using chargebacks to score free products, services, and money. With so-called friendly fraud, a customer may legitimately purchase a product or service, and then request their bank to reverse the charge. These fraudsters don’t intend to return the product or to use your refund policy, they just want free stuff.
Likewise, if scammers have gotten their hands on someone’s credit card data, perhaps through a phishing email or maybe via a data breach, they could use that info to make illicit purchases. Then, once the customer sees the unrecognized charges, they could file for a chargeback. Unfortunately, the businesses selling the goods and services are often on the hook for the bill.
Given how grave and prevalent the risks are, businesses should proactively combat cybercrime. Among other things, this means training employees to watch out for criminals, using advanced tools to monitor purchases and user behavior, fighting chargebacks, and many other things.
Let’s take a look at the most common criminal tactics and how you can protect your business.
Tip #1 to Prevent Cybercrime: Keep Yourself Off the Hook With Phishing
Phishing occurs when someone pretends to be another party, say a tax collection agency, and then hoodwinks users into handing over vital information (Social Security numbers, passwords, etc.) Unfortunately, phishing scams rose by 600 percent during the COVID-19 pandemic, with fraudsters often pretending to be health authorities. To no surprise, Verizon has found that phishing was involved in more than a third of all data breaches.
Phishing often gets tied into other crimes. For example, a scammer could send a phishing email to John Doe, pretending to be their bank and then getting John to hand over his debit card numbers. Data in hand, the scammer could then make a purchase online, ordering products and services.
Once John realizes he’s been hacked, he may contact his bank and request a chargeback. Unfortunately, the online merchant who sold the products to the scammer may have to foot the bill.
In order for phishing to work, scammers must get people to hand over their credentials, including Social Security numbers and other types of identity theft. This means human error is the key ingredient. If you want to protect your organization from phishing, then training is vital. You can teach employees and other stakeholders to watch out for phishing emails and to never divulge sensitive information, such as login credentials, over email or other communication channels without first checking with IT or management.
Tip #2 to Prevent Cybercrime: Friendly Fraud and How You Can Manage It
A costly chargeback occurs when a customer reaches out to their bank and requests that a charge be reversed. The bank will investigate the matter, and often, they’ll side with their customer, reversing charges. As a result, the merchant at the other end of the transaction loses revenue. On top of that, the retailer will get hit with chargeback penalties and fees.
Sometimes, chargebacks are legitimate. For example, a customer could get suckered by a phishing email, divulging their credit card to a scammer, who then used that info to make a purchase. In this case, their bank will most likely issue a chargeback, and it’s not hard to feel sympathetic towards the customer.
However, chargebacks themselves are often fraudulent. A customer could order something from a merchant, get the item delivered, fall in love with said product, but then still request a chargeback. In this case, the customer isn’t upset with the merchant or the products delivered, they just want free stuff.
This is called “friendly fraud” and it costs organizations over $30 billion dollars a year. Fortunately, merchants have recourse when it comes to chargebacks. Merchants can gather and present information showing that the purchase was legitimate (including signed shipping receipts, IP addresses, etc.) And with a strong case, banks may side with the merchant.
Sadly, the chargeback representment process can be a hassle. There’s a lot of information to gather and if you miss a deadline, you could quickly sink your case. Fortunately, chargeback management platforms make it easy to gather and submit evidence while also tracking deadlines and the like.
Tip #3 to Prevent Cybercrime: Weak Passwords May Be No Password At All
Corporate account takeover is another large consideration for businesses. Unfortunately, some people use poor, easy-to-guess passwords. An employee might set their password to “Password1234” or “admin1234” or something like that.
When hackers snoop around, they’ll often try to “brute force” their way into an account. This means trying out different passwords, including commonly used ones, to see if they can guess the right one. These days, malicious scripts can do the heavy lifting, entering passwords repeatedly until the right one is discovered.
You can protect your business, however, by requiring strong, hard-to-guess passwords. Many organizations now set up password policies, stipulating that passwords be a certain length and also requiring various attributes (including at least one symbol and one number, for example). You can also ban passwords, including commonly used ones.
It’s also smart to have employees change their passwords on a regular basis. For example, you might stipulate that employees provide a new password every 90 or 180 days.
You can also stipulate password policies for customers who create an account on your ecommerce store or website. Unfortunately, businesses may find themselves on the hook for customers who protect their account with weak passwords.
If someone brute forces their way into a customer account on an ecommerce site, they could make purchases and ship the products to a different mailing address. When the customer who owns the account notices the charges, they could file for a chargeback. Thus, the merchant could lose both products and revenues.
Tip #4 to Prevent Cybercrime: Malicious Software and Keeping it Off Your Systems
Cybersecurity has come a long way over the years. Got back 20 years and so-called malware was widespread. Malicious software, aka malware, is software developed or corrupted to harm users. Often, these programs look legitimate, and may even provide key functions, say allowing you to edit pictures or zip files.
Frequently, malware is used to steal sensitive data, including credit card numbers and passwords. As a result, malware could lead to further crimes, such as chargebacks. Malware can also exploit resources, including electricity. Right now, some malware programs will turn your computer into a cryptocurrency mining rig, with hackers keeping the money while you foot the electricity bill.
Antivirus solutions scan for malware and can even prevent you from installing it. Any organization serious about cybersecurity should consider antivirus solutions. You can also restrict users from installing software, allowing only the IT department and other authorized personnel to install new software.
Speaking of software, you want to ensure that all of your programs are up to date. Often, when developers patch software, they provide security updates, closing gaps that could otherwise let criminals via Magecart style attacks. It’s also smart to work with top-notch SaaS providers who regularly update their platforms.
Some organizations even go as far as setting up specific computers to handle banking and finance-related tasks, and only said tasks. Unfortunately, malware can sneak into your system through social media, malicious emails, browser plugins, and various other methods. By restricting a computer’s usage, you may close off entryways.
Tip #5 to Prevent Cybercrime: Don’t Let Ransomware Take Your Organization Hostage
Ransomware is a specific type of malware that encrypts your files, then demands payment to unlock them. Often, you have to make payments with cryptocurrencies, like bitcoin. Ransomware has exploded in the last few years, and is now one of the most well-known and also serious cyber security threats.
Besides using the methods already discussed, such as using antivirus software and employee training, you can also back up data. However, to protect files from ransomware, it’s best to create backups that can’t be modified. Otherwise, ransomware could take your backup files hostage too.
You’ll also want to use solutions that store backup files off of computers. This could mean local backup drives or cloud storage. Even if one computer is infected and brought down, you can still back up your data from other hardware or the cloud.
Take Away: It’s Time to Mitigate a Serious Risk
Cybersecurity is a serious issue and malicious actors are a grave threat. Whether it’s unscrupulous customers using chargebacks and friendly-fraud to score free products or hackers looking to abscond with sensitive data, businesses must take security seriously. Fortunately, you can use a variety of tools, including antivirus software, password policy enforcement software, and chargeback dispute management platforms, to combat threats. Combined with employee training, these tools can mitigate risks.