Card and BACS payments are now the norm in the online retail space. Whether it’s something as simple as a loaf of bread or a brand new car, people are spending billions annually on products through endless retailers via the internet.
People are typically used to working with larger retailers such as Amazon for their goods, as this has been a trusted brand for over 20 years with a multitude of online payment protection offered to all users. But what do you do if you’re not as big as Amazon? What if you need to find alternative payment methods such as BACS and CHAPS?
In 2016, 6.22 billion payments were made using the BACS and CHAPS methods of payment, which allow people to transfer money directly to a retailer’s account using account details that can be shared instantly in an email. Mobile apps and online banking services such as NatWest online and Barclays allow users to send money instantly through their mobile devices, and do anything from paying bills to setting up direct debits, rather than visiting a branch.
Sounds great, right? Well, yes, it’s a great way of working and it allows companies to run a tighter ship in terms of payments from clients and whatnot; however, there’s a lot that can go wrong in a transaction like this, including entering the wrong payment details or sending the wrong amount. These simple mistakes can cause nightmares when trying to retrieve funds and make life much harder for customers who use this as their preferred method of payment.
As well as basic human error, these types of payments are easy to manipulate to appear completely normal, but cover up something a lot more sinister. Hackers are always looking for a way to make easy money, and a simple BACS transfer to an account using a fake name would be a doddle for somebody who knows exactly what they are doing. More and more, we are seeing phishing-style emails from cyber criminals who can replicate genuine email addresses requesting payment. To the naked eye, these would seem legitimate, but this couldn’t be any further from the truth.
Hackers are becoming increasingly creative in how they capture sensitive information, and these emails are now so accurate you would struggle to tell them apart from the real thing.
If we look at this example, we can see that the recipient has received an email regarding a recent transaction with ‘Skype’ which seems perfectly normal. But if we look a little harder at the highlighted information, we can see there is already a critical error with the message. The sender has an email address of “skypepayment@skypepayment.co.uk” for a PayPal transaction? If you receive emails from a company and their email address and company name do not match, do NOT respond or open any files that have been attached. As you can also see in the example given, there are several small clues that would help you to decipher where this email has come from and whether it is the real deal.
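The address-versus-company check described above can also be automated at the mail gateway. The following Python sketch is an added example, not part of the original article: the sample message is constructed, the brand allow-list is an assumption you would maintain yourself, and the Reply-To comparison goes slightly beyond the mismatch the article points out.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list for this example: brand keyword -> domains it really sends from.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "skype": {"skype.com"}}

# Constructed sample modelled on the email described above (not a real capture).
SAMPLE = """\
From: Skype <skypepayment@skypepayment.co.uk>
Reply-To: accounts@example.net
Subject: Receipt for your PayPal payment to Skype

You sent a payment. Open the attached invoice to dispute it.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def is_allowed(domain, allowed):
    """Exact match or a true subdomain of an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return the reasons the sender looks inconsistent with the brand it names."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    display_name, _ = parseaddr(msg.get("From", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = " ".join([display_name, msg.get("Subject", ""), body]).lower()
    findings = []
    if not from_domain:
        findings.append("no sender domain in From header")
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in text and not is_allowed(from_domain, allowed):
            findings.append(f"mentions {brand} but was sent from {from_domain}")
        if brand in from_domain and not is_allowed(from_domain, allowed):
            findings.append(f"{from_domain} imitates {brand}")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"replies go to {reply_domain}, not {from_domain}")
    return findings

if __name__ == "__main__":
    for reason in check_sender(SAMPLE):
        print("SUSPICIOUS:", reason)
```

The From header is trivially forged, so a clean result here does not prove a message is genuine; pair the check with SPF, DKIM and DMARC results from your mail server.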
How Can We Combat This?
Cybercrime is everywhere; as long as you have an internet connection you are at risk. But don’t panic, it isn’t all doom and gloom! You can make simple changes to ensure that both companies and consumers are kept safe and the future of transactions via the internet can remain safe.
Using things such as notifications in email footers is an excellent way of ensuring that your clients are constantly reminded through regular transmissions that sensitive information is always at risk. An example of this would be something along the lines of:
“Cybercrime notification: Our bank account details will NOT change during the course of a transaction. Please speak to us before transferring any money. We will not take responsibility if you transfer money to an incorrect bank account. If you receive an email from Joe Blogs LLP Ltd requesting your bank details or purporting to amend our bank details, please contact us, or your solicitor, as appropriate, by telephone immediately to clarify.”
Reminders can be set on most major systems to change your password every so often. We recommend doing this every 90 days to help minimise unwanted attacks. A mixture of CAPITALISED, sp3c1@lis3d characters and numbers is always a good way to ensure high security.
Using a range of antivirus software allows users to track any Trojans, phishing and malware that may try to infect their system. By keeping this type of software updated regularly, you can prevent these types of attacks.
If an email doesn’t seem right or you’re not sure of the sender’s intentions, pick up the phone and speak to customer services to ensure that the details given are correct and that the person you are speaking to is who they are claiming to be! NEVER give your card or bank account details over the phone.
Cyber Essentials and Cyber Essentials Plus make up a scheme developed by the government through consultation with industry to improve cyber security through public supply chains. We expect many private sector organisations to introduce the requirement as well. With a Cyber Essentials certification, you can be sure that your organisation has taken all the correct actions to reduce the risk of cyber attacks and ensure data is kept secure.