NetSafe has offered up some advice for how businesses can protect themselves from online scams and credit card fraudsters.
Netsafe says businesses should talk to their bank or merchant provider about how their payment systems can be used to protect against online fraud.
“Enquire about options for monitoring payments and blocking such large scale automated attacks,” the company says in a blog post. “If you can, consider using third party card verification services from Visa and MasterCard to add a second layer of protection.”
Organisations should talk to their website developer, IT staff or a security specialist about ways to protect their site and any payment forms they host. Using SSL to encrypt information submitted is essential so that forms operate at an https:// address. “Discuss testing your systems for signs of common vulnerabilities and your options for fixing them.”
The internet safety group says to use a CAPTCHA on web forms or require an account be created. Technical solutions like these can potentially slow down automated software ‘bots’ that are designed to validate card numbers in quick succession.
“Limit transaction volumes or website sessions by IP address or pre-screen payments from high risk countries if you are seeing fraudulent attempts to donate,” the group says in regards to charity organisations.
“Many New Zealand charities may only wish to accept donations from Kiwis using credit cards issued by New Zealand banks,” it says. “Ask if you can filter payments by Bank Identification Number (BIN) to prevent overseas cards being accepted.”
NetSafe adds companies should consider monitoring traffic volumes to their website in order to keep an eye on potential scams. Business should talk with their website host about establishing an alerts services so they can be aware if they receive a sudden unexpected spike in visitors.
Specialist online fraud management services can help reduce the risk of scams. “Sift Science offer an online service to assess transactions before handing them on to your merchant provider and may be an additional way to reduce fake donations,” NetSafe says.
“Explore options from third parties with secure systems and dedicated resources to manage fraud such as PayPal or Givealittle,” it says. “Givealittle.co.nz allows NZ charities and schools to register for a free fundraising page.”
NetSafe says if your website has been targeted by credit card fraudsters, you should speak with your bank or merchant provider ASAP. You can also contact NetSafe via their freephone telephone number 0508 NETSAFE or report an incident online.