Close up of person typing on keyboard

Credit Card Fraud in Australia

As technology continues to improve, fraudsters have become more creative in the way they target individuals and businesses. In 2019, Australians lost over $634 million to scammers (ACCC, 2019). This number is up 30% on 2018 figures.

Rather than the traditional methods of asking someone to provide their sensitive information, fraudsters now have improved technology and carefully curated techniques that help them commit fraud with minimal risk of detection.

 

Fraud Techniques

As we move closer towards a cashless society, credit card fraud is becoming more prevalent and there are a number of methods fraudsters can use to steal another person’s funds.

Fraudsters used advanced techniques and one of the most effective and efficient means of credit card fraud is card testing. Card testing involves physically stealing a number of credit cards, purchasing credit cards from the dark web, randomly generating credit card numbers or using phishing or spyware techniques to obtain a card’s numbers. The core purpose of testing is not the purchase of an item but to verify the card details are valid and if the transaction was approved.

Fraudsters have now also created a means to commit illegal activity on a much greater scale, in the form of botnets. Botnets are a network of internet-connected devices that can validate a huge number of credit cards at an alarming rate. Botnets submit a large number of transactions to test the viability of stolen credit card details. Many popular shopping carts are being targeted by botnet attacks and one of the most effective means of prevention is velocity checking.

When a valid credit card is detected, it is common for fraudsters to use the credit card details to make small purchases on a merchant’s site. If a small purchase is successful, fraudsters can then proceed to make much larger purchases, a series of micro-purchases or sell the valid card on the dark web.

 

Challenges for Merchants

Fraudulent purchases are often made on small to medium businesses that don’t have the technology in place to detect or prevent it. Unfortunately for targeted merchants, this means they will likely suffer some challenges when fraudulent purchases prevail.

Chargebacks occur when the original cardholder has recognised fraudulent activity on their account with an unrecognised transaction made to you as the targeted merchant. When a dispute is made by the original cardholder or their bank, and you do not have proper proof that a legitimate sale was made using a PIN or signature, you may be liable to pay back the accepted funds and lose the value of the sale and incur a chargeback fee.

Each successful transaction, no matter how small, will count against the merchant’s chargeback ratio once it’s disputed – and crossing over the excessive chargeback threshold can be extremely costly for merchants. 

This is particularly important for eCommerce and online services, where a physical card is not present. In fact, ‘Card not present’ fraud represents more than 80% of all fraud on Australian cards. When a dispute arises, it is very difficult for an online merchant to prove a legitimate purchase was made. Therefore, it is critical that online merchants have technology in place to detect and prevent fraudulent transactions.

 

Opportunities for Merchants

To avoid liability for fraudulent transactions, merchants must be vigilant in their online payment processes. Some best practices to implement include Firewalls, CAPTCHA, Time out of user session and data validation of guest checkouts. Additionally, one of the best ways to avoid being out of pocket for fraudulent transactions is to partner with a verified payment processor.

Latpay’s fraud management service assists merchants to prevent chargebacks and stop fraud in its tracks. With advanced technology, Latpay can actively set a threshold for individual merchants to detect when unusual activity occurs on their site.

In applying the velocity and value threshold, Latpay reviews the past performance of the merchant to work out transactional averages. Latpays innovative technology has helped assist merchants who have been the victims of botnet attacks to significantly minimise losses.

If you’re a merchant, whether offline or online, it pays to be protected. Learn more about Latpay’s fraud management and get in touch with our team of experts to find out more.

Blockchain-biometrics

Payment and identity verification with blockchain & biometrics

How does your business manage customer data and identification? 

As one of the most secure methods of data protection available, blockchain technology has quickly become the industry standard for securely accessing customer information and ensuring it never falls into the wrong hands. 

Harnessing this best-of-breed encryption technology, our partners at Nuggets have developed an innovative platform that combines blockchain with biometric authentication to deliver the first-ever identity and payment app to the Australian market. 

 

Nuggets: Leading the way in data security

Nuggets is a secure payment security and ID verification platform designed to streamline business processes and deliver exceptional data security to customers. Using industry-leading blockchain and biometric technology, Nuggets helps businesses to protect customer data while offering simplified validation and payment processes for businesses. 

Latpay + Nuggets

Latpay has teamed up with Nuggets to offer a complete solution to payment security. Utilising our PCI DSS compliant merchant facility and payment gateway, we can now offer businesses a simple and highly-secure option for ID verification and payment processing, both online and in person. 

How it works:

Nuggets stores customer data securely using blockchain technology. This essentially means that the data is encrypted and dispersed in chunks to be stored across a range of sources, and is only accessible by the customer themselves. Not even Nuggets can access it.

When a business requests ID verification, customers only share enough of the data stored to complete the verification or transaction. This means that businesses never need to store personal or sensitive data about their customers. 

Benefits of using Nuggets:

Developed with both businesses and consumers in mind, Nuggets delivers a wide range of benefits that ensure the security of all users while streamlining processes and improving customer experiences. 

 

Business Benefits:

Fraud mitigation 

Combining blockchain and biometric technology, Nuggets helps to mitigate the risks of identity fraud with a highly secure platform that puts data security back in the hands of the customer.

Compliance assurance

Minimise the hassles of regulatory compliance with a payment and identity verification system that boast compliance to the major governing bodies, including Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Regulation (GDPR) and Second Payment Services Directive (PSD2).

Streamlined processes

Spend less time processing your customers with the ability to validate identification and verify payment methods in just seconds. Just send a request to your customer’s mobile and have complete confidence in the data provided – no second-guessing.  

No data, no breaches

Recent statistics show that around $527.8 million was lost over the previous financial year to card fraud in Australia, while the annual economic impact of identity fraud sits at around $2 billion. Mitigate the risks of a data breach and protect your business reputation by never storing customer data. If there’s no data, there’s no data to be breached. 

Secure payment processing 

Deploying Latpay’s secure payment technology, Nuggets delivers complete payment security using whichever payment method your customers prefer.

 

Consumer Benefits:

Protect your personal data

With none of their personal data collected or stored by your business, customers can feel confident in the protection of their personal data and therefore more comfortable doing business with you. 

Streamline identity verification

Customers can spend less time proving they are who they say they are with a pre-validated method of identification. A

Make payments simple

Using pre-loaded and pre-verified payment methods, customers can make payments in a few simple steps from their Nuggets app with the knowledge that their payment data will remain secure. 

No more passwords

With the capability to sign in via fingerprint scan or facial recognition, using Nuggets removes the need for pesky passwords. As well as sidestepping yet another password to remember, this also means reduced risk of phishing, malware or hijacking of phone accounts. 

 

Using Nuggets

Using the Nuggets platform for payment and identity verification is incredibly simple for both businesses and consumers, and can be completed in just 3 quick steps:

Step 1: Biometric single sign-on

Using either a desktop or mobile device, businesses and consumers can log in in seconds using biometric data saved to their account. This means no usernames or passwords required.

Step 2: Swift ID verification

The business then ‘pings’ a request to the customers’ device, requesting access to specific information. Once the customer receives the request, they can either approve or deny access for the business. Once approved, the verification process takes just seconds. 

Step 3: Secure payments

If taking payments, the business can then offer the most popular payment methods for their customers to pay directly through the Nuggets app. This includes credit or debit cards and even cryptocurrency. 

It’s that simple.

 

Ready to step into the future of business? Learn more about how Nuggets and Latpay can help you to reduce risk, increase revenue and streamline customer verification here. 

Benefits of using tokenisation for payment security

Tokenisation is the process of generating a random string of values (known as a unique ID number or token) to substitute sensitive data like payment details. 

Using tokenisation, businesses can offer a smooth and secure method of taking payments that allows increased protection against payment fraud. 

So how does it work? In essence, cardholder data is stored in a secure token vault that can only be accessed by the payment provider; consumer data is tokenised immediately upon making payment so their actual card data never passes through payment systems. 

What’s the difference between tokenisation and encryption?

When talking about tokenisation, many people think of encryption. However, tokenisation offers significantly greater security than encryption, quickly becoming the industry-leading method of securing data for payment processing. Here are some of the key differences: 

Encryption:

  • Mathematically generates cipher text using an algorithm and key
  • Format preservation means lower security strength
  • Encrypted data leaves the organisation

Tokenisation:

  • Randomly generates a value for plain text
  • Format maintained without any loss of security
  • Encrypted data remains within the organisation, allowing heightened security

Benefits of using tokenisation for payment security

Reduced impact of a potential data breach

While we hope it won’t happen, data breaches are all too common in businesses and industries across the board. You don’t have to be a large corporation to become a target, either. In fact, SME’s are often recognised for their inferior systems security, making them a primary target for hackers. 

Using tokenisation, however, sensitive data like credit card numbers aren’t accessible during a  breach. This is due to the fact that data is stored as tokens, and are therefore unusable to anyone but your organisation. So while tokenisation may not be able to protect your business against a breach, the financial impact will be significantly reduced by using tokenisation for data security. 

 

Protect your reputation and build trust

As a business, your reputation is arguably your most valuable asset, one that can take years to build yet an instant to destroy. To ensure your reputation remains intact, building and maintaining trust among your customers is absolutely critical.

Particularly for online businesses, customers need to have significant trust in your ability to protect their data in order to feel comfortable making a purchase.  

Tokenisation helps businesses to build and maintain this trust by demonstrating a dedication to data security. As the most impenetrable method of protecting payment data, consumers feel confident that their card details are safe and your business maintains a reputation of putting customers first.

 

Compliance with the Payment Card Industry Data Security Standard (PCI DSS)

To ensure security of cardholder data, any business accepting, processing, or storing card details must be compliant with PCI-DSS regulations. 

There are 12 levels of PCI-DSS requirements depending on various factors of your business – primarily, how many annual transactions you process. Regardless of your requirements, striving for the highest level of compliance is always recommended and tokenisation is a great way to achieve this. 

Of course, tokenisation doesn’t guarantee compliance. However, partnering with a PCI-compliant payment service provider to offer tokenisation means you’ll also benefit from other secure services that help you to meet your compliance obligations.

 

Offer industry-leading security with tokenisation

Tokenisation is undoubtedly the most advanced way of securing cardholder data for payment processing. If the security of your customers is paramount to your business, learn more about implementing tokenisation with a PCI DSS Level 1 certified provider like Latpay.

Getting paid with payment links

What is a payment link?

Payment links (or PLINKS) allow you to send payable invoices straight to your customers mobile, social media account, email and other comms applications. With the ability to accept credit cards and debit cards, online banking and digital wallets through the simple click of a link, your customers will be thanking you at every bill with on-time payments deposited directly into your bank account.

Why use payment links for your business?

PLINKs are an incredibly versatile yet streamlined payment method that allows you to improve cash flow by collecting payments 24 hours a day, 7 days a week.  As well as processing transactions and accepting online payments, PLINKs have the following advantages for your business:

Get paid on time

Sending SMS PLINKs to your customers is an easy and efficient way to get paid on time, every time. All your customer needs to do is view their invoice and simply click a link to pay. No getting lost in the inbox, just a straightforward, simple process that gets you paid sooner.

Take payments from more people

Asking your customers to log in to an application or online portal to pay your invoice can be a hassle, often resulting in late or missed payments. Using latpay’s simple PLINKs, you can offer a better system that everyone can access with the tap of a button – easy!

Offer better security

As well as being an easier way to pay, our PLINKs come with world-class security backed by the highest-level PCI DSS compliance (Level 1)  as well as our revered tokenization process to ensure that all your customers’ data remains in the right hands.

Get access to a personalised dashboard

Partnering with latpay, your business will gain access to a comprehensive dashboard that allows you to create and share personalised links with your customers. With complete clarity and control of your invoices, you’ll also be able to better manage your finances and know exactly when and where the money’s coming in.

The biggest advantages of using payment links

  • Send invoices immediately via simple links
  • Receive transaction management via SMS & email notifications
  • Accept all payment types & currencies from around the world
  • Maintain PCI DSS Level 1 Compliance
  • Customise your checkout to match your business branding
  • Protect your customers with real-time fraud management

Who are payment links ideal for?

While PLINKs are fantastic for just about any business, they’re particularly beneficial for businesses looking to step into the future of digital payments without completely reinventing the wheel. Some of the businesses that benefit the most from incorporating PLINKs include:

  • Clubs, associations and organisations
  • Gyms and sports centres
  • Businesses requiring joining fees
  • Monthly subscriptions
  • Phone & utility providers
  • And heaps more!

Why partner with latpay?

Offering a truly complete and integrated payment platform, Latpay can help you discover the real value of innovative technology for everyday business. As a leading Payment and Merchant Service Provider in the UK, Australia and Canada, we deliver superior transactional, fraud management and data tokenization services to businesses all around the world.

If you’re ready to take your invoicing capabilities to the next level, chat with us today!

The risks of cyber security & why you should care

Online crime and cyber-attacks in Australia

The Australian landscape for cybercrime is rapidly growing, with many businesses falling victim to the advances of online criminals every day. And while we often read about large-scale corporate data breaches in the media, medium and small businesses are actually more likely to become a target due to their often-minimalistic approach to cyber security.

To help you as a business owner understand why you should be concerned with cybersecurity, we’ve put together a brief guide as to what could be targeted and how. More importantly, we’ve also included some good examples of how you can protect yourself. Take a read below!

What could be at risk?

While you might think that your business information wouldn’t be of interest to a cybercriminal, the reality is that just about any piece of data or sensitive information can be a target. If you acquire, retain or produce any of the following information, it’s important that your business is taking the relevant precautions to protect itself against unauthorised access:

  • Financial records and data
  • Client records and data
  • Product design or business ideas
  • Business models
  • Intellectual property (IP)
  • Patents (current or pending)
  • Employee information

While all information can be a potential target for cybercrime, financial data is likely the biggest drawcard for criminals. For this reason, online businesses, in particular, can become vulnerable to additional risk if they are not adequately protected.

 How can cyber criminals access your information?

While the ways in which cybercriminals gain access to your information evolves every day, there are a number of traditional and well-known attacks to be aware of. Some of these include:

  • Breach of your website, payment processes or mobile app
  • Viruses and malware that can infect your computers or networks
  • Theft or remote access of your hardware and devices
  • Social engineering and phishing 

How can you protect yourself?

While it’s near impossible to ever be fully protected against online criminal activity, there are strategies and technologies that can be deployed to mitigate vulnerabilities and risks. This, paired with an understanding and awareness of the way hackers might attempt to breach your data, is the best way to approach cybersecurity.

Some of the simplest ways you can protect your information include:

  • Updating your website, Point-of-Sale (POS) systems and other devices with the latest software releases
  • Develop terms and conditions or procedures for staff to follow in regard to online security and the security of all company devices
  • Develop an incident response plan to ensure you’re prepared to react should a cyber breach occur
  • Implement network security, email protection and anti-virus software (with the help of a cybersecurity or managed IT company if possible)
  • If you run an online business, aim to satisfy PCI DSS Level 1 compliance requirements

Protecting your customer’s payment details with a secure payment platform

 If your selling products or services online, the way you take payment is critical to the safety of your customers’ payment information. Moreover, financial institutions will also require that you meet certain compliance targets to ensure the safety of their customers and yours.

At Latpay, we help our clients to take payments online through the implementation of secure hosted payment pages. Offering PCI DSS Level 1 compliance, every transaction is secured and fully encrypted to the highest standards to ensure your customer’s information remains untouched.

To learn more about the comprehensive benefits of Latpay’s merchant services, click here or get in touch with our customer service team to chat with a local representative today.