Visa on why cybersecurity should be top priority for e-commerce

A world-leading payments provider on why the cybersecurity bar must be raised in online retail.
1 January 2020

Cybersecurity should be top priority for online retailers. Source: Shutterstock

Now more than ever, bad actors and cybercriminals are targetting shoppers online through cyberattacks, data breaches, and fraud.

Hence, payments companies are turning to cybersecurity experts. who can scan the market and spot risks, delivering better and more secure payment solutions.

Visa’s Payment Systems Intelligence Senior Director David Capezza is an example of one such specialist.

Capezza recently came into the limelight as a result of the company’s discovery of a new javascript-based card skimmer known as Pipka, which infected e-commerce merchant websites, stole card details, and then deleted itself from the merchant’s code before detection.

According to the alert issued by Visa, Pipka was identified on a merchant website that was previously infected with the JavaScript skimmer Inter, and PFD has since identified at least sixteen additional merchant websites compromised with Pipka.

In light of the alert, Tech Wire Asia interviewed Capezza to better understand Pipka and learn about the need for cybersecurity in the e-commerce space.

“Online skimming, or javascript skimming, has been an existing threat for many years and there has been a lot of news coverage highlighting threat actors and groups that focus on targeting e-commerce websites in order to steal payment data.

“The discovery of the Pipka malware by Visa was a game-changer because it was the first time anyone in the industry identified a JavaScript skimmer with self-cleaning capabilities.”

According to Capezza, the increasing sophistication of cyberattacks means that merchants need to be even more vigilant in reviewing their fraud prevention measures, rules, and solutions.

The pace of technology change and evolution in the eCommerce and digital spaces is swift and constant. Criminals take advantage of the pace of change to identify security vulnerabilities, outdated software, or exploitable merchant sites.

“E-commerce merchants should know that becoming a victim is avoidable. For example, following basic cybersecurity hygiene and complying with payment industry standards such as PCI DSS (Payment Card Industry Data Security Standards) can help mitigate the potential of being compromised.”

Capezza also advises e-commerce merchants to take advantage of the cybersecurity alerts and other resources that Visa and other companies in the payments space offer for free, in the public domain.

While security is a concern, technology solutions developed by industry participants can help e-commerce merchants put up a strong defense.

“I believe secure digital tokens is a technology that all merchants with an online marketplace must explore and consider implementing. As global payment volumes continue to shift to online channels, cybercriminals will follow the money to try and exploit any vulnerabilities they can find.

“Secure digital tokens devalue payment account information to where it becomes worthless to cybercriminals even if a merchant or a 3rd party within the merchant’s supply chain is compromised.”

Another payment technology that Capezza highlighted is 3-D Secure. It has the ability to help reduce payment fraud while helping merchants improve authorizations so they do not lose sales opportunities with customers, especially in the Asia Pacific (APAC) region where mobile payment is prolific.

At the end of the day, the cybersecurity expert believes that e-commerce merchants need to remain vigilant with their fraud prevention and payment security measures.

The work that Visa and other companies in the payment space do in order to discover threats and warn merchants is critical — but ultimately, it is the merchants that need to make the decision — to invest in the tools and solutions that help provide customers with secure payment options, and by extension, ensure a good and safe experience.

This article originally appeared on our sister site Tech Wire Asia