Protecting Your Business from Account Take Overs
We know that data security needs to be protected when collecting customer information. Account Take Over (ATO) is a type of criminal activity that utilizes information you have stored to mimic your customer. It is a form of Identity Theft. Account Takeover typically is seen in one of two ways, Credential Stuffing and Credential Hacking.
Credential Hacking is exactly what it sounds like. A criminal can gain access to login information of a customer and complete fraudulent transactions with the payment type on file. The ship to address will be changed to that of the criminal or another third party where the criminal can intercept the package. In this case the criminal is utilizing other customer’s information to steal goods from your company.
Credential Stuffing is similar to Credential Hacking. However, once data is breached, the date is then used on additional site and new accounts are created with existing stolen data. This data can be used on your site or on other sites to obtain goods. It is difficult to track where the stolen data came from when used on other sites.
One of the most difficult part of account take overs is the Credential Stuffing. Criminals may steal the data and then bide their time collecting more information and creating sleeper accounts. They may not do anything malicious with the information initially. They can let the sleeper accounts sit for as long as 6-9 months. This makes it difficult to determine where and when data was stolen.
Account Take Overs are damaging to a merchant’s reputation and to the bottom line. Security does not end at the collection of data. How your business secures the data is in storage is also crucial.
At Electronic Merchant Services we take data security of our clients and their customers seriously. We are here to advise the best ways to protect your business.
Using a Certified Payments Professional (ETA CPP) when setting up your merchant account is a way for you to know that you are working with an expert in the Payments Industry. These individuals are certified through the Electronic Transaction Association (ETA).
The ETA CPP program sets the standard for professional performance in the payments industry and is a symbol of excellence. It signifies that an individual has demonstrated the knowledge and skills required to perform competently in today’s complex electronic payments environment.
Discovering whether or not your sales agent is certified is as simple as vising ETA CPP Registry and inserting the sales agent’s name (We did find that some names needed to be entered in all caps).
Electronic Merchant Services is structured so that all accounts are managed by a Certified Payments Professional. If you are looking for a new merchant account or would like to have someone help you navigate the complexities of what you currently have in place you can reach us at info@emspayments.com or 208-273-5575.