How to prevent healthy business growth from becoming detrimental risk
As if the recession is not enough to deal with, for small and medium businesses that are growing during these hard times you need to be aware that your credit card processor may view your growth as a potential indicator that you are at risk of going under and institute cash reserves. Unfortunately the industry has learned from experience that some merchants, about to go under, commit fraud by processing bogus orders to bolster cash flow; which is seen by the processor as a spike in sales from the merchant. In a time where bankruptcies and business closures are rising it is only natural that processors are nervous.
An unfortunate byproduct of this negative behavior is that legitimate merchants showing too much growth over a short timeframe can also be branded as being at “risk”. For those of you that may not understand the way the relationship between merchants and processors works, the processor is on the hook to pay for any consumer losses, chargebacks, if a merchant goes out of business and cannot, or decides not to, cover those losses.
This being said, it should be understood that a spike in sales is not the only reason a processor may want to implement reserves, there are a number of factors that are looked at. The point is if you are one of the lucky few merchants experiencing growth you can take proactive steps that could help you avoid the reserves scenario.
Friday, June 12, 2009
Is China Serious about Cybercrime
Domestically
As hacking hits home, China has vowed to fight cybercrime by making examples out of a few cyber criminals but is it enough? China’s antiquated cybercrime criminal code has recently made advances to help address the burgeoning problem that has started to affect small to large domestic businesses. In the past few years, Chinese hackers have started to demand money from small Chinese businesses or else… Typically, the hackers will initiate a DDoS attack against a business and then demand ransom to restore the system back to health. As a result, China has shown that they are putting forth some effort to combat this growing cyber crime problem…
Internationally
China has been called by experts, “The world’s malware factory” and for good reason. The country has developed into a major source of online attacks and zero-day attacks, which focus on unknown software vulnerabilities. In another article, “In China, $700 puts a Spammer in Business”, a valuable tool for spammers and a big problem for security professionals around the world is called bullet proof hosting. Usually, a web hosting providers will shut down a web site quickly, if large amounts of bulk emails are sent out and directing people to your site. However, with bulletproof hosting spammers don’t have to be concerned about being shut down because of spam complaints. The Chinese registers simply ignore the take-down requests, which cause a grey area for international cooperation. It should be noted that there are several major bullet proofing servers around the world but the vast majority are located in China. If the Chinese are truly serious about combating cybercrime they must address all aspects of internet security. It is true that actions speak louder than words…
As hacking hits home, China has vowed to fight cybercrime by making examples out of a few cyber criminals but is it enough? China’s antiquated cybercrime criminal code has recently made advances to help address the burgeoning problem that has started to affect small to large domestic businesses. In the past few years, Chinese hackers have started to demand money from small Chinese businesses or else… Typically, the hackers will initiate a DDoS attack against a business and then demand ransom to restore the system back to health. As a result, China has shown that they are putting forth some effort to combat this growing cyber crime problem…
Internationally
China has been called by experts, “The world’s malware factory” and for good reason. The country has developed into a major source of online attacks and zero-day attacks, which focus on unknown software vulnerabilities. In another article, “In China, $700 puts a Spammer in Business”, a valuable tool for spammers and a big problem for security professionals around the world is called bullet proof hosting. Usually, a web hosting providers will shut down a web site quickly, if large amounts of bulk emails are sent out and directing people to your site. However, with bulletproof hosting spammers don’t have to be concerned about being shut down because of spam complaints. The Chinese registers simply ignore the take-down requests, which cause a grey area for international cooperation. It should be noted that there are several major bullet proofing servers around the world but the vast majority are located in China. If the Chinese are truly serious about combating cybercrime they must address all aspects of internet security. It is true that actions speak louder than words…
The Grass May be Greener in Asia
Despite the financial crisis, Asia has continued to boom and companies are experiencing enormous gains in the region. For example, Alibaba and eBay have shown that resilience, localization and determination are key factors for success. Jack Ma’s Alibaba increased 2008 revenue by a substantial 39% with a net profit increase of 25%. Within this time period Alibaba posted a 41% increase in paying members and a 38% increase in registered users.
Alibaba’s Jack Ma also believes that 2009 is a year of investment. Alibaba has set strategic goals of aggressively pursuing growth through localized versions of Alibaba in Japan, South Korea and India while also expanding its presence in the U.S. and Britain. Alibaba is not alone. eBay has also begun to push its localization strategy deeper into Asia through numerous strategic alliances with companies such 99bill.com and Gmarket. South Korea’s market leader, Gmarket, has just begun to offer its services on eBay’s existing South Korean market platform. eBay hopes that the synergy will be able to provide it with a valuable potential platform for further expansion within Asia. As companies around the world push further into Asia investors may want to do the same…
Alibaba’s Jack Ma also believes that 2009 is a year of investment. Alibaba has set strategic goals of aggressively pursuing growth through localized versions of Alibaba in Japan, South Korea and India while also expanding its presence in the U.S. and Britain. Alibaba is not alone. eBay has also begun to push its localization strategy deeper into Asia through numerous strategic alliances with companies such 99bill.com and Gmarket. South Korea’s market leader, Gmarket, has just begun to offer its services on eBay’s existing South Korean market platform. eBay hopes that the synergy will be able to provide it with a valuable potential platform for further expansion within Asia. As companies around the world push further into Asia investors may want to do the same…
Telephone Relay Fraud
Not sure what a telephone relay is? A telephone relay is a tool used to help the hearing impaired make phone calls to businesses and other entities that may not have a tele-typing device to communicate with them. The hearing impaired can contact a special operator that will stand in the middle of the conversation to “speak” the words of the caller to the receiver. Unfortunately, the service has become a new weapon for fraudsters to commit fraud.
The exploit of the service is that the caller and origin of the call are protected from disclosure to the receiver by law, which allows scammers to hide their identity. The scam being employed is a variant of an overpaying scam where the fraudster places a call through the telephone relay service. The customer then explains that the delivery service they prefer to use doesn’t accept credit cards and asks the business to wire money to the shipper and to charge their credit card for the total plus shipping. The business ends up burned on both ends through the loss of goods and whatever funds were transferred to the shipper/fraudster. Importantly, companies must educate their employees on this type of attack and to take all precautions even if they feel bad for the customer.
The exploit of the service is that the caller and origin of the call are protected from disclosure to the receiver by law, which allows scammers to hide their identity. The scam being employed is a variant of an overpaying scam where the fraudster places a call through the telephone relay service. The customer then explains that the delivery service they prefer to use doesn’t accept credit cards and asks the business to wire money to the shipper and to charge their credit card for the total plus shipping. The business ends up burned on both ends through the loss of goods and whatever funds were transferred to the shipper/fraudster. Importantly, companies must educate their employees on this type of attack and to take all precautions even if they feel bad for the customer.
Supply Chain Attack Targets Chip and PIN
What was once regarded as the final solution to credit card and debit fraud has become a valuable lesson learned in the creativity, resources and capability for organized fraudsters to overcome fraud barriers. This is not another article talking about the shift in fraud from card present carding to cross border eCommerce fraud. According to US National Counter Intelligence, hundreds of chip and pin machines in stores and supermarkets across Europe have been rigged by fraudsters to send sensitive information overseas to fraudsters. The doctored machines were highly sophisticated and believed to have been infected when being built in China, before they left the production line. Security experts stated the scope of the crime was once only believed to be executed by a nation state’s intelligence service. What some may still regard as a full-proof system is anything but…
The Ill Will Effect on Business
In an article by Glenn Derene entitled "The Ill Will Effect: Who really likes their Telco Provider" in popular mechanics the author discusses a phenomenon called the “Ill Will Effect” and how it can have serious consequences for businesses.
In short the "Ill Will Effect" describes a market condition where consumers don't trust, or like, a company they are doing business with but feel they have little choice but to use them. At this point I am sure you are scratching your head to figure out what this has to do with eCommerce, but I think we can all gain some strategic insight from this article.
The article primarily focuses on telcos and cable companies and how individuals perceive and attach value to their brands. The author points out how some industries (i.e. telecoms and media) have benefitted from high initial establishment costs which limit competition and thus provide consumers with few options. This market dynamic has allowed these companies to be less worried about losing customers to competition, and subsequently suffer from poor customer service and brand risk.
The risk to the brand comes from consumers who may start to view their carrier companies as the “least evil” option. Once consumers become tired of the poor service they start looking for alternatives that provide similar services for similar costs. In this case large incumbents become vulnerable to smaller start ups that are more in-tune with consumer demands. Large incumbents that want to hold market share must protect their strategic positions by listening and addressing consumers’ concerns and demands.
Netflix, a little mail-in DVD online service, took Blockbuster by storm by offering a more convenient way to rent movies without late fees. Similarly, Skype has utilized low-cost VOIP to gain a substantial market share in the long-distance calling market.
All it takes is a disruptive technology and a small nimble firm with a bright motivated entrepreneur to take their big idea and turn an industry on its head. If you aren't willing to solve your customer's problems with your business model or an industry's business model, all it takes is one great idea to flash inside the head of an entrepreneur to remove the problem from your bottom line.
In short the "Ill Will Effect" describes a market condition where consumers don't trust, or like, a company they are doing business with but feel they have little choice but to use them. At this point I am sure you are scratching your head to figure out what this has to do with eCommerce, but I think we can all gain some strategic insight from this article.
The article primarily focuses on telcos and cable companies and how individuals perceive and attach value to their brands. The author points out how some industries (i.e. telecoms and media) have benefitted from high initial establishment costs which limit competition and thus provide consumers with few options. This market dynamic has allowed these companies to be less worried about losing customers to competition, and subsequently suffer from poor customer service and brand risk.
The risk to the brand comes from consumers who may start to view their carrier companies as the “least evil” option. Once consumers become tired of the poor service they start looking for alternatives that provide similar services for similar costs. In this case large incumbents become vulnerable to smaller start ups that are more in-tune with consumer demands. Large incumbents that want to hold market share must protect their strategic positions by listening and addressing consumers’ concerns and demands.
Netflix, a little mail-in DVD online service, took Blockbuster by storm by offering a more convenient way to rent movies without late fees. Similarly, Skype has utilized low-cost VOIP to gain a substantial market share in the long-distance calling market.
All it takes is a disruptive technology and a small nimble firm with a bright motivated entrepreneur to take their big idea and turn an industry on its head. If you aren't willing to solve your customer's problems with your business model or an industry's business model, all it takes is one great idea to flash inside the head of an entrepreneur to remove the problem from your bottom line.
Finding Real Value in a Stolen Card
Criminals are obtaining more tools to sort through the massive amount of card data to determine which cards are good and bad. Several commercial sites have sprung up that offer services to cybercriminals to check balances and limits on cards. They even offer volume discount! It’s estimated by experts that about 25,000 debit and credit cards are checked daily. These sites provide valuable information to the crooks and the only obstacles are the ability to read Russian and pay with virtual currencies, such as Webmoney.
How can they do this?
Well, many of these sites are able to hack the credit card payment networks to conduct “pre-authorization requests”. As you know the preauth places a temporary hold on the account, to make sure there is enough money to pay the bill. This happens all the time from restaurants to hotels. The cybercriminal have no intent on settling the transaction, they just want to see how much money is available on the card.
The cybercriminals also have designed their sites to check the cards using legitimate high jacked merchant account numbers and using unrelated merchant names. There have been incidents where merchants have complained to state governments about customers calling saying, “I didn’t buy that! Why are you charging me?” However, the state has been unable to do anything because the merchants have not experienced any financial loss. The accounts are changed frequently and the criminals bank on companies using different financial processing systems that don’t share data.
How can they do this?
Well, many of these sites are able to hack the credit card payment networks to conduct “pre-authorization requests”. As you know the preauth places a temporary hold on the account, to make sure there is enough money to pay the bill. This happens all the time from restaurants to hotels. The cybercriminal have no intent on settling the transaction, they just want to see how much money is available on the card.
The cybercriminals also have designed their sites to check the cards using legitimate high jacked merchant account numbers and using unrelated merchant names. There have been incidents where merchants have complained to state governments about customers calling saying, “I didn’t buy that! Why are you charging me?” However, the state has been unable to do anything because the merchants have not experienced any financial loss. The accounts are changed frequently and the criminals bank on companies using different financial processing systems that don’t share data.
2008's Record Year for Data Breaches
According to Verizon's 2009 Data Breach Investigations Report, the total number of consumer records compromised in 2008 exceeded the combined total from 2004 to 2007, which has resulted in cheaper black market credit card data. In terms of actual street price the value of stolen card information has dropped from $10 to $16 per record in mid-2007 to less than $.50 per record today.
The primary target for cybercriminals is still the retail and financial sector which represented 61% of the 285 million records compromised. According to the report, while the absolute number of attacks was smaller, the cyber criminals and methods utilized were very determined, very complex and extremely successful. 3 out of 4 data breaches came from an outside entity, not an insider.
The primary target for cybercriminals is still the retail and financial sector which represented 61% of the 285 million records compromised. According to the report, while the absolute number of attacks was smaller, the cyber criminals and methods utilized were very determined, very complex and extremely successful. 3 out of 4 data breaches came from an outside entity, not an insider.
Subscribe to:
Posts (Atom)
