It’s safe to say that safety is at the forefront of most people’s minds during the COVID-19 pandemic. However, though the majority of people are concerned with their safety and the safety of their loved ones, many consumers are overlooking the safety of their sensitive payment information during the pandemic.
As the coronavirus has changed how consumers participate in commerce, many businesses are shifting their day-to-day card processing methods to telephone orders and e-commerce processing. So it's important for you to understand the vulnerabilities associated with these card-not-present transaction types.
Cyber criminals are well aware that the COVID-19 pandemic is an all-too-easy way to grab the attention of an unsuspecting consumer and initiate a phishing attack. A “phishing” attack occurs when a fraudster sends an email pretending to be a legitimate source in need of a consumer’s sensitive information (e.g., passwords, credit card numbers, Social Security numbers). A common phishing attempt at the moment is characterized by a fraudster imitating a government official and pretending to have information regarding the current pandemic. The fraudulent email often contains malware (aka “malicious software”) intended to gather consumer data.
So, how do you make sure your sensitive information is protected?
First, make sure you limit how much card data you store. Many businesses are offering IVR and SMS payments as an alternative to face-to-face payments. Make sure to only enter your sensitive information on a secure web page.
Password breaches are another common way that fraudsters are accessing consumer information. Make sure that your passwords are secure, and avoid reusing passwords for different sites/logins.
Regarding security amidst COVID-19, the Department of Homeland Security recommends the following:
- Avoid opening email attachments or links if you’re unfamiliar with the sender. Emails or phone calls that request account information or verification of your account credentials are not to be trusted, as legitimate businesses will never call or email you directly for this information.
- Type any website’s domain name into your browser yourself. Businesses use encryption (Secure Sockets Layer, or SSL), so pay attention to certificate “errors”, which may warn of suspicious web activity.
Companies must make sure they are staying PCI compliant as a way to protect consumers. Many employees are being restricted to working from home, meaning that PCI-related issues may not be handled properly. The PCI Security Standards Council released a statement saying:
“PCI SSC is aware of the unprecedented situation caused by the spread of COVID-19. As circumstances evolve, questions have arisen surrounding a variety of issues, including the impact on assessments and trainings. We are actively monitoring the developments and collaborating with our stakeholders and community on response and needed guidance.”
Personal safety and the safety of our families are not all we need to worry about during the COVID-19 pandemic. Now more than ever, our sensitive information is at risk! Make sure you and your business are taking appropriate measures to remain secure during these uncertain times.