E-commerce leaders need to think long and hard about securing digital payments. Source: Shutterstock

E-commerce leaders need to think long and hard about securing digital payments. Source: Shutterstock

Visa explains why cybersecurity must be a priority to e-commerce leaders

PAYMENTS companies realize that clients — in the brick and mortar world as well as in the digital space — are constantly fighting fraud, data breaches, and cyberattacks.

As a result, some of the leading payment processing companies employ cybersecurity experts who can scan the market for risks and better secure the payment process.

Visa’s Payment Systems Intelligence Senior Director David Capezza is an example of one such specialist.

Capezza recently came into the limelight as a result of the company’s discovery of a new javascript-based card skimmer known as Pipka, which infected e-commerce merchant websites, stole card details, and then deleted itself from the merchant’s code before detection.

According to the alert issued by Visa, Pipka was identified on a North American merchant website that was previously infected with the JavaScript skimmer Inter, and PFD has since identified at least sixteen additional merchant websites compromised with Pipka.

In light of the alert, Tech Wire Asia interviewed Capezza to better understand Pipka and learn about the need for cybersecurity in the e-commerce space.

“Online skimming, or javascript skimming, has been an existing threat for many years and there has been a lot of news coverage highlighting threat actors and groups that focus on targeting e-commerce websites in order to steal payment data.

“The discovery of the Pipka malware by Visa was a game-changer because it was the first time anyone in the industry identified a JavaScript skimmer with self-cleaning capabilities.”

According to Capezza, the increasing sophistication of cyberattacks means that merchants need to be even more vigilant in reviewing their fraud prevention measures, rules, and solutions.

The pace of technology change and evolution in the eCommerce and digital spaces is swift and constant.  Criminals take advantage of the pace of change to identify security vulnerabilities, outdated software, or exploitable merchant sites.

“E-commerce merchants should know that becoming a victim is avoidable. For example, following basic cybersecurity hygiene and complying with payment industry standards such as PCI DSS (Payment Card Industry Data Security Standards) can help mitigate the potential of being compromised.”

Capezza also advises e-commerce merchants to take advantage of the cybersecurity alerts and other resources that Visa and other companies in the payments space offer for free, in the public domain.

Truth be told, while security is a concern, technology solutions developed by industry participants can help e-commerce merchants put up a strong defense.

“I believe secure digital tokens is a technology that all merchants with an online marketplace must explore and consider implementing. As global payment volumes continue to shift to online channels, cybercriminals will follow the money to try and exploit any vulnerabilities they can find.

“Secure digital tokens devalue payment account information to where it becomes worthless to cybercriminals even if a merchant or a 3rd party within the merchant’s supply chain is compromised.”

Another payment technology that Capezza highlighted is 3-D Secure. It has the ability to help reduce payment fraud while helping merchants improve authorizations so they do not lose sales opportunities with customers, especially in the Asia Pacific (APAC) region where mobile payment is prolific.

At the end of the day, the cybersecurity expert believes that e-commerce merchants need to remain vigilant with their fraud prevention and payment security measures.

The work that Visa and other companies in the payment space do in order to discover threats and warn merchants is critical — but ultimately, it is the merchants that need to make the decision — to invest in the tools and solutions that help provide customers with secure payment options, and by extension, ensure a good and safe experience.