Cybercrime is no longer just hackers sending phishing emails or small groups running online scams. According to new research from NordVPN’s Threat Intelligence team, cybercrime is becoming industrialized — with large-scale operations running fake stores, cryptocurrency scams, and malware campaigns across thousands of websites worldwide.

The report reveals three major global scam operations that demonstrate how cybercriminals are increasingly operating like technology companies, using automation, infrastructure, and large-scale systems to run fraud campaigns at scale.

Old software vulnerabilities creating new threats

One of the most surprising findings in the report is that attackers are still exploiting extremely old software vulnerabilities. In one campaign, cybercriminals exploited a 15-year-old vulnerability in an outdated web editor tool to compromise more than 1,300 websites, including government, corporate, and research domains.

These trusted websites were then used to redirect visitors to phishing pages, fake online stores, or malware downloads. Because the domains were legitimate, security systems were more likely to trust them, making the attacks far more effective.

Attackers exploit outdated software to compromise trusted websites and redirect users to scams

This strategy shows how cybercriminals are increasingly using legitimate infrastructure to run scams rather than building everything from scratch.

Cryptocurrency scams evolving into identity theft operations

The report also uncovered a large-scale cryptocurrency phishing network involving more than 100 fake crypto domains. The scam begins with emails claiming the recipient has received a large cryptocurrency deposit by mistake.

Victims are directed to fake cryptocurrency platforms where they are asked to log in and later pay so-called “gas fees” to withdraw the funds. In reality, the platforms are fake and the fees are stolen, while attackers also collect personal data for identity theft.

Cryptocurrency phishing scams trick users into paying fake fees and revealing personal data

These scams combine phishing, identity theft, and cryptocurrency fraud into a single operation, making them particularly effective and difficult to detect.

Fake online stores run like businesses

Another operation uncovered in the investigation involved more than 800 fake e-commerce stores built using common website tools like WordPress and WooCommerce. These sites advertise products at extremely low prices to attract buyers, but customers either receive counterfeit goods or nothing at all.

Investigators found that many of these websites were connected to a centralized operation, showing how automation allows a single group to operate hundreds of fake stores at once.

Cybercrime is becoming an industry

The most important takeaway from the report is that cybercrime is increasingly being run like a business. Criminal groups are using automation, software platforms, data analytics, and large-scale infrastructure to run fraud operations efficiently.

Instead of isolated scams, we are now seeing:

• Scam networks
• Fraud platforms
• Automated phishing systems
• Fake e-commerce ecosystems
• Industrial-scale cybercrime operations

This shift means cybersecurity is no longer just about stopping individual hackers — it is about defending against organized digital industries built around fraud.

The future of cybersecurity

As cybercrime becomes more organized and automated, cybersecurity will increasingly rely on AI, automation, and threat intelligence to detect patterns and stop attacks before they reach users.

For individuals and businesses, the biggest risks continue to come from phishing, fake websites, outdated software, and online scams — all of which are becoming more sophisticated every year.

The post Cybercrime Goes Industrial appeared first on Tech Trends.

Cyber attacks linked to geopolitical conflict are increasingly affecting the companies and systems that ordinary people rely on every day, according to cybersecurity researchers and analysts.

A new commentary from cybersecurity publication Cybernews warns that cyberwar is no longer limited to governments, military systems, or intelligence agencies. Instead, attacks are increasingly targeting healthcare systems, payment infrastructure, and critical services used by the public and private sector.

Cyber attacks moving beyond government targets

Recent incidents involving major companies highlight how geopolitical cyber retaliation can now have real-world consequences for businesses and public services.

According to reporting referenced in the commentary, Iran-linked hacktivist group Handala claimed attacks on payment provider Verifone and medical technology company Stryker. The alleged attack on Stryker reportedly disrupted operations and affected healthcare providers attempting to order surgical supplies, demonstrating how cyber incidents can ripple into healthcare systems and supply chains.

These types of attacks show that modern cyberwarfare is increasingly focused on economic and infrastructure targets rather than purely government systems.

Threat activity already increasing online

Security researchers say the threat landscape is already expanding as geopolitical tensions rise.

Researchers have identified thousands of newly registered domains related to Middle East conflict themes, which may later be used in phishing campaigns, malware distribution, or disinformation campaigns. Attack methods expected to increase include:

• Phishing campaigns
• Distributed denial of service (DDoS) attacks
• Ransomware
• Data leaks and hack-and-leak operations
• Destructive malware attacks
• Credential harvesting and password spraying

These tactics are commonly used by both state-backed groups and affiliated hacktivist organizations.

Human error remains the biggest vulnerability

Despite increasingly sophisticated cyber attacks, experts say the most common entry point remains human error and basic security weaknesses.

Common vulnerabilities include:

• Unpatched software
• Weak or reused passwords
• Default credentials on internet-connected devices
• Lack of multi-factor authentication
• Employees falling for phishing emails

Researchers also warn that artificial intelligence is making cyber attacks easier to scale, allowing attackers to generate convincing phishing messages and automate parts of the attack process.

This combination of geopolitical conflict, automation, and existing security weaknesses means organizations must improve basic cybersecurity practices to reduce risk.

Cyberwar now affects everyday services

The key takeaway from recent incidents is that cyberwar is no longer a distant or abstract threat. Instead, it is increasingly affecting companies that provide essential services such as healthcare, payments, logistics, and infrastructure.

For businesses, this means improving patching, authentication, and employee cybersecurity training. For individuals, it highlights the importance of strong passwords, multi-factor authentication, and caution when opening emails or clicking links.

As geopolitical tensions continue to influence cyber activity, experts warn that disruptions may increasingly affect everyday services rather than traditional government targets.

The post Cyberwar Reaching Everyday Systems appeared first on Tech Trends.

Cybercriminals are exploiting booking platforms and property management systems—forcing hotels to rethink how they defend their digital infrastructure.

A Growing Threat to Hospitality

Hospitality businesses are facing a surge in phishing attacks, with cybercriminals increasingly targeting hotel property management systems (PMS), booking platforms, and internal communications.

According to industry experts, attackers are using increasingly sophisticated methods to trick staff into revealing login credentials or installing malicious software—often by impersonating trusted systems or partners.

Nicola Longfield, General Manager for Accommodation at Access Hospitality, explains:

“Cybercriminals are actively targeting hotel property management systems, email systems, and booking channels… sending emails that appear to be from legitimate sources designed to trick staff into entering login information or downloading malware.”

These attacks are not random—they are highly targeted and tailored to hospitality workflows.

How Phishing Attacks Are Evolving

Unlike traditional phishing attempts, today’s attacks are designed to closely mimic real operational scenarios within hotels.

Common tactics include:

• Fake login pages that replicate hotel systems

• Lookalike domain names designed to deceive staff

• Google Ads used to promote fraudulent login portals

• Emails impersonating booking platforms or internal systems

• Urgent messaging around payments or reservations

Jan Hejny, CEO at HotelTime, highlights the growing sophistication:

“Phishing attacks are becoming far more targeted and contextual… often mimicking real payment or booking scenarios.”

Once attackers gain access, the consequences escalate quickly—ranging from fraudulent guest communications to full system compromise.

The Business Impact

The risks extend far beyond IT systems.

Potential consequences include:

• Compromised guest data

• Fraudulent booking communications

• Financial losses

• Operational disruption

• Long-term damage to brand trust

As Diego Baldini, CISO of The Access Group, notes:

“These attacks can result in compromised hotel accounts, fraudulent communications sent to guests, and serious reputational or financial harm.”

Industry Response: Collaboration and Awareness

Major hospitality tech providers—including Guestline, Mews, HotelTime, and Planet—are actively working to combat the rise in attacks.

Richard Johnson, Chief Information Security Officer at Planet, emphasizes the importance of shared intelligence:

“Fraud is a full-time operation… by sharing intelligence quickly and raising collective awareness, we continually make it harder for them to succeed.”

This highlights a broader shift: cybersecurity in hospitality is becoming a collective responsibility, not just an individual one.

How Hotels Can Protect Themselves

Experts point to several immediate actions that can significantly reduce risk.

1. Adopt Phishing-Resistant MFA (Passkeys)

Passkey-based authentication is emerging as the gold standard.

• Creates a cryptographic link to legitimate login pages

• Prevents credential theft even if phishing occurs

• Eliminates reliance on passwords and one-time codes

• Supports biometric or hardware-based authentication

2. Train Staff and Reduce Human Risk

Human error remains the primary attack vector.

• Bookmark official login pages

• Avoid logging in via search engines

• Identify suspicious emails and urgent requests

• Encourage immediate reporting of potential threats

3. Strengthen Access Controls

• Use strong, unique passwords

• Avoid shared login accounts

• Implement role-based access permissions

4. Keep Systems Updated

• Apply security patches regularly

• Maintain antivirus and firewall protections

• Back up critical systems and test recovery processes

Why This Matters Now

The rise in phishing attacks reflects a broader reality: hospitality is becoming an increasingly attractive target for cybercriminals.

Hotels sit at the intersection of:

• Financial transactions

• Personal data

• Real-time customer interactions

This makes them uniquely vulnerable—and highly valuable targets.

Conclusion

As phishing attacks grow more sophisticated, hospitality businesses can no longer rely on basic security measures.

The shift toward phishing-resistant authentication, staff awareness, and proactive system management is no longer optional—it is essential.

In an industry built on trust and guest experience, cybersecurity is quickly becoming a core pillar of business resilience.

The post Securing Hotel Booking Systems appeared first on Tech Trends.

Please tell us more about yourself?

I’m Philip Attfield, CEO of Sequitur Labs Inc. I have more than 25 years of experience in computing, networking, security and systems modeling at both large and small enterprises. I began my career at Nortel where I was a member of the scientific staff, developing software tools and in-house products for modeling, synthesis and verification of telecom and network equipment hardware. I later founded Signal 9 Solutions, which pioneered PC/desktop firewalls and created the Conseal brand of security products. At Boeing, I led the team responsible for the development of large-scale security policy and management framework. I’ve served in a number of high-profile roles in the field of digital forensics and am a frequent keynote speaker at international security conferences.

What is Sequitur Labs’ mission and what unique products/solutions do you provide?

Sequitur Labs is a software company developing and commercializing revolutionary technologies to improve embedded device and system security, manageability, and trustworthiness in the connected economy. Sequitur helps device OEMs reduce the cost and complexity of implementing security correctly by providing packaged software as a product. Sequitur’s software leverages advanced, on-chip hardware security technologies to deliver high-value strong security, economical and accessible security solutions.

Sequitur’s software solutions are critical security enablers for a large, worldwide market of device makers that need strong security but cannot afford the in-house expertise. Sequitur’s business approach includes demystifying and driving down the cost of security, simplifying deployment, and messaging the business value of security.

Could you give us a walkthrough of Sequitur’s products and what sets them apart?

The EmSPARK Security Suite was designed to address solutions in industries where embedded security is paramount such as industrial control, building automation, the smart home, machine vision, automotive communication, and medical devices. Built on three pillars of product security – design, build and sustain, EmSPARK provides device manufacturers with the firmware, tools and APIs needed to properly execute IoT protection. Our latest version of the EmSPARK Security Suite provides a robust security framework protecting embedded firmware, keys and security-critical assets through the entire device lifecycle. It enables silicon hardware security features, secure device provisioning, and API access to essential trust services such as secure storage, firmware updates and payload verification.

The EmSPARK Security Suite delivers a host of capabilities, including the integration of OpenSSL with functions secured by ARM TrustZone and preconfigured to use cryptographic functions available processors supporting this technology in hardware. The EmSPARK Security Suite also includes key management functions that form the basis of several secure processes such as trusted boot, storage and authentication with IoT clouds.

This allows developers to focus on building their application and/or device rather than spend time reading through data sheets to configure various hardware components. The result is that they can get their products to market faster.

Having an IoT security solution in place does not guarantee protection against an attack. How does your company offer greater assurance?

Devices secured by the EmSPARK Security Suite help customers reduce the risk and liability associated with IoT deployments. The Suite covers security requirements relevant at various stages of a product’s lifecycle.

We believe that a product must be secured from the time it is manufactured to the time it is decommissioned. This ensures that a company’s intellectual property (IP) is not stolen, the device operates without compromise at any point in its life, and that customer data is protected at all times. Additionally, it ensures that connections with remote systems, such as IoT cloud servers, are secure and tamper-proof.

For example, the EmSPARK Security Suite enables implementing a root of trust, which supports a variety of secure processes such as trusted boot. It creates a dual operating environment because a TrustZone-enabled processor can switch between secure and non-secure states. This allows isolating and separating critical material and data in a hardware secured area, dramatically improving device security. Developers can easily build applications that use secure resources without having to become experts in cryptography and complex hardware security technologies.

Analysts predict the global IoT security space will grow to USD $36.6 billion by 2025. Where do you see the future of IoT going?

With as many as 60 billion smart devices expected to be online in the near future, the likelihood that IoT products, applications and systems are going to be the main points of vulnerability from an organizational security standpoint seems fairly obvious. There are lots of lines of security built into corporate data centers to prevent break-ins and malicious attacks from cybercriminals but not nearly as much effort to secure the devices connecting to those data centers. The greatest obstacle to a future serviced by smart devices is security, including aggressive new variants that attack endpoints at the edge and threaten embedded computing systems.

IoT security is at an inflection point. In-house efforts to address device-level security are difficult and expensive, making it an unattractive option for many manufacturers. But I believe that the success of our industry will be achieved by helping developers build applications that use secure resources without having them having to become experts in cryptography and complex hardware security technologies. IoT will only be successful if device manufacturers and system operators can successfully and economically protect against threats. Working hand-in-hand with a comprehensive IoT security software solution will promote the growth of the industry beyond analysts’ predictions.

The post Improving IoT Security in the Connected Economy appeared first on Tech Trends.

By Daniel Markuson, Digital Privacy Expert at NordVPN.

422.49 billion spam emails are sent worldwide every day. This number also includes phishing, sextortion, advertising, and finance-related scams. Most people can already spot the traditional spam messages that claim they have won a new Lamborghini or inherited a million dollars, so spammers are finding new creative ways to trick people into giving them money or information.

There has been an increase in the numbers of SMS spamming attacks known as smishing
Share on X

With so much personal data available out there, it is much easier for criminals to customize all kinds of scamming attempts – from simple spam, to much more advanced phishing or extortion. These emails, messages, and websites often seem so real, and provide such a high level of detail, as to make even the most cautious person susceptible to falling into a trap.

A few months ago, a massive smishing attack produced tens of millions of fake SMS messages, inviting the recipients to go on fake websites
Share on X

A New Era of Smishing

Recently, there has been an increase in the numbers of SMS spamming attacks, known as “smishing” where scammers try o steal people’s personal information or credit card details. They do this by initially sending text messages designed to look like they come from a bank, an employer, or an official governmental institution.

422.49 billion spam emails are sent worldwide every day
Share on X

A few months ago, a massive smishing attack produced tens of millions of fake SMS messages, inviting the recipients to go on fake websites. The texts were generated by a spam-sending database run by a company called ApexSMS. Interestingly, the system was able to detect when people messaged back using keywords such as “report” and “FCC. These phone numbers were added to a special list of contacts that would not be used by the fraudsters again. However, you should bear in mind that responding to these kinds of texts may leave you vulnerable to identity theft because if you contact the hackers, the hacked phone transmits your sensitive data stored on it.

Responding to a text can leave your phone vulnerable to being hacked
Share on X

As investigators later discovered, the database contained around 80 million records. They included people’s names, phone numbers, carrier network names, IP addresses, and even locations. Out of the 38 million texts. that were sent during the attack, 2.1 million people clicked on a link in the fraudulent message. Luckily on this occasion, the scammers used an unprotected server, which experts discovered in time to stop the attack.

Scammers are abusing Notifications and Push APIs on Android devices
Share on X

Fake Missed Calls

Besides SMS frauds, scammers are now abusing the Notifications and Push APIs on Android devices. These two APIs are used to push notifications on mobile phones to re-engage users. An application or server can push them even if the app is not running. The problem is, the API allows scammers to make their notifications look identical to a legitimate app. For example, they can create fake alerts customized to look like a missed phone call.

Scammers aim to take advantage of well-known applications by creating false alerts using the looks of popular apps
Share on X

One of the ways scammers exploit the feature is using Google Chrome to push messages to mobile phones. To hide their origin, the Google Chrome icon is changed into a “Missed Call” notification. When this happens, one message informs the scammers that they can hack the phone. Another one shows a missed call from a medium called Esmeralda.

Once users press the fake push notification, their phones get hacked
Share on X

Scammers aim to take advantage of well-known applications. They create false alerts using the looks of popular apps. This confuses mobile phone users. Once they press the push notification, their phones get hacked. Thus, before pressing the notification, it is important to pay attention to the message that it contains and think if it is actually related to the nature of the app.

While fraudsters are becoming more creative, it is still possible to save ourselves from their attacks by becoming more aware of the latest scamming techniques
Share on X

Phishing with legal threats

Another new strategy that creative spammers are now using is lawsuit emails. They send fake emails, which claim that the recipient is being sued and request to open and read the attached fraudulent documents and respond within seven days.The scammers use the names of existing law firms and falsify their email addresses. Most of the time, they target the employees of big companies. Around 100,000 businesses have been attacked to date — mostly in Canada.

Around 100,000 businesses have been attacked to date with legal threat phishing scams — mostly in Canada
Share on X

Steps anyone can take to protect themselves

While fraudsters are becoming more creative, it is still possible to save ourselves from their attacks by becoming more aware of the latest scamming techniques. Then, it is crucial to check the messages, phone calls, and emails you receive before opening them. These are the basic but important steps in protecting ourselves handing our personal data to scammers.

The post Expert View: Spam and Phishing Trends appeared first on Tech Trends.

It might seem counter-intuitive, but the greatest threat to the cybersecurity of your business is likely to come from the inside.

And we’re not talking infiltrated spies eithe. The ones most likely to compromise your security are actually your trusted employees. Without any malicious intent at all, they are often just a few careless mouse clicks away from costing your business a fortune.

Your trusted employees are just a few careless clicks away from costing your business a fortune in cybersecurity breaches
Share on X

Employees harm your business by visiting infected websites, responding to phishing emails, using business email through public Wi-Fi on an unencrypted connection, or something as simple as having one password for access to all business assets and personal accounts. Neglecting cybersecurity can cost companies tens of thousands of dollars, hours of downtime and loss of customers. The most alarming fact is, that cyber attacks happen more than 4000 times each and every day, and can strike the same company several times per year!

Employees harm your business by visiting infected websites, responding to phishing emails or using business email through public Wi-Fi
Share on X

Such attacks are often financially motivated – ransomware, for example – or sometimes directed at obtaining specific data. Confidential business information at stake would include company finance records, customer and employee personal data, or highly valuable (and vulnerable) intellectual property assets.

Preventing cyber attacks is a sound investment considering the high risk and costs involved in recovery from damages
Share on X

Preventing cyber attacks is a sound investment considering the high risk and costs involved in recovery from damages. EveryCloud Spam Filtering has compiled this infographic to provide some insight into how cyber attacks can harm their business and what they can do about it.

The guide explains the main targets of cybercriminals, the role employees play in cybersecurity and the benefits of Cybersecurity Awareness Training. By regularly training your employees, your company will benefit from a security-first awareness that emphasizes prevention, detection, reporting and learning from mistakes.

By regularly training your employees, your company will benefit from a security-first awareness
Share on X

Types of training include

• Classroom training
  Instructors will teach your employees in person, which has the advantage of stronger engagement and the ability for them to ask questions of the instructor, raising relevant concerns and addressing them.
  

• Online training
  The fastest and most convenient, way, these are effective as long as fully completed by employees.

• Visual Aids
  Interactive assistants installed on your employee’s computers. These will actively protect your company and make employees aware of key points where threats can be detected and prevented.

• Phishing campaigns
  Best way to see the current state of security awareness in your business?
  Test your employees with simulated attacks. These will give you and your employees great insight into how to detect attacks, where to report them and learn from mistakes in a controlled manner.
  

Alice Bonasio is a VR Consultant and Tech Trends’ Editor in Chief. She also regularly writes for Fast Company, Ars Technica, Quartz, Wired and others. Connect with her on LinkedIn and follow @alicebonasio and @techtrends_tech on Twitter.

The post Infographic: Cybersecurity Training appeared first on Tech Trends.

Protecting your IT Infrastructure is very serious business these days, so how can we best safeguard against cyber threats?

With this in mind, the helpful folks from Transcosmos Information Systems put together a few best practice tips to keep your IT infrastructure secure. These include:

A secure password is that it must be at least 8 characters long
Share on X

Control log-in information and regularly change your passwords

The rule of thumb for a secure password is that it must be at least 8 characters long, combine uppercase and lowercase letters, and at least one number or special character. And Although it’s a bit of a hassle, it is recommended that you change your passwords regularly to keep them secure, preferably every quarter or so.

Change your passwords every quarter or so
Share on X

Implement two-factor authentication

Whenever possible, put in place a system that requires more than one form of authentication to grant users access. This means that in addition to a password, you can, for example connect your mobile phone to the server and get it to send you a unique code that you must enter to verify who you are.

Adding additional layers of security is recommended to keep data safe
Share on X

Store credentials in a secure way

The best way to avoid data breaches is securing your credentials securely through password hashing. To hash a password means to transform it into a unique value before storing it in your database. Since this is a one-way algorithm, it’s impossible to turn the hashed password back to its original form.

Always have an encrypted back-up of your data
Share on X

Delete users and groups you don’t use

Regularly check who has access to your servers. Are they still around? Things change and so should your permissions.

Keep your firewall and virus scanning software up-to-date
Share on X

Constantly scan for viruses

To catch viruses early before they have a chance to do any significant damage to your system, you should conduct regular scans and diligently update your antivirus software.

VPNs are your friends where it comes to data security
Share on X

Update software and operating systems

Software is a bit like bread, it’s only great when it’s fresh. You must therefore make sure you keep your infrastructure packages and operating systems updates so they’re in tip-top condition. Regular updates fixes bugs and guarantees there are not gaping holes in your system security.

Security software is a bit like bread, it’s only great when it’s fresh
Share on X

Fireproof your firewall

Having a good firewall is a must for securing your server infrastructure. It provides an extra layer of protection to your system’s inbuilt security features, through which you can control all the different pieces of software or services that you need to expose to the network. Less exposure = less for hackers to get their mitts into.

Firewalls provide an extra layer of protection to your system’s inbuilt security features
Share on X

SSH key authentication

SSH cryptographic keys that contain more bits of data than a typical password, making them more difficult to crack and less vulnerable to attacks. It also saves you having to remember your passwords. Win-win!

SSH cryptographic keys that contain more bits of data than a typical password
Share on X

Use private networks and VPNs

Virtual Private Network (VPNs) keeps your browsing secure, and your internal communication private.

Virtual Private Networks keeps your browsing secure and your communication private
Share on X

Encrypt, encrypt, encrypt ….

Encryption – the process of translating sensitive electronic data into unintelligible code – means that only those with authorized access can access and decipher your data. All the cool kids are doing it.

Encryption is the process of translating sensitive electronic data into unintelligible code
Share on X

Install good security software

It is worth investing in packages from sources you know and trust rather than trying to cut corners, as these might provide a backdoor through which hackers can access your systems.

Find your vulnerable spots before hackers do
Share on X

Test your vulnerabilities

Regular network vulnerability scanning can help you identify weaknesses in your server and address issues before hackers get to them.

If you can afford it, hire a professional to help keep your commercial IT systems secure
Share on X

Keep secure and encrypted backups

Your data may well get lost or corrupted at some point, and if that happens, you definitely want to have a plan B to allow you to quickly get back on track.

SSH keys also mean you don't have to remember loads of passwords
Share on X

Get a Pro to have your back

In this increasingly complex security landscape, it pays for companies to have an IT expert on their side to keep on top of security.

Header image attribution: blogtrepreneur

Alice Bonasio is a VR Consultant and Tech Trends’ Editor in Chief. She also regularly writes for Fast Company, Ars Technica, Quartz, Wired and others. Connect with her on LinkedIn and follow @alicebonasio and @techtrends_tech on Twitter.

The post Infographic: Cybersecurity Tips and Best Practices appeared first on Tech Trends.

With the global cost of chargebacks mounting for consumers, banks and merchants alike, we need innovation to fight back

Online fraud is now the most commonly experienced crime in England and Wales, according to a report published by the UK National Audit Office (NAO). Up to 1.9 million cyber-related fraud incidents were estimated to have taken place last year alone, with the cost likely to run into billions of pounds.

Online fraud is the most commonly experienced crime in England and Wales
Share on X

The report also outlined that the NAO faces a significant challenge in influencing partners, such as banks and law enforcement bodies, to take on the responsibility of preventing and reducing fraud. As a “low value but high volume crime”, fraud is often overlooked by governments, law enforcement, and industry alike, says Amyas Morse, Head of the NAO. Acknowledging that the landscape for tackling online fraud is extremely complex, the report calls for an urgent response to address it.

Fraud is often overlooked by governments, law enforcement, and industry
Share on X

The report further cites that online fraud is under-reported; even where data is available there is a lack in the sharing of information between government, industry, and law enforcement agencies. In fact, there is no formal requirement for banks to report fraud or share reports with government, yet we see consistent evidence of fraud recurring all over the world. This is an enduring and global problem, one that takes a heavy toll on merchants and service providers of all sizes, as well as banks, issuers, and ultimately customers.

There was a 17% rise in consumers being caught out buying phantom goods online
Share on X

The growing scale of online fraud also suggests that many people are still not aware of the risks, and that there is much to be done to change behaviour. This is also evidenced in separate figures from Citizens Advice showing a 17% rise in consumers being caught out buying “phantom” goods online. This type of cybercrime occurs when fraudsters advertise items at cut prices on social media sites like Facebook and Instagram—as well as online marketplaces such as Gumtree and eBay—and con buyers into spending on average £1,100 on products ranging from cars to flights and even insurance, which simply do not exist. In only a few months, January to March this year, Citizens Advice logged over 3,600 complaints about such phantom goods.

These scams can have a lasting financial and emotional impact on consumer confidence and their relationship to merchants. While educating consumers is both sensible and necessary, the NAO report stresses that government and industry still have a responsibility to protect citizens and businesses. The report also found that the protection banks provide varies, with some investing more than others in educating customers and improving their anti-fraud technology.

Given that organized attacks of online fraud is likely to increase, this investment is absolutely essential—yet keeping up with the latest techniques employed by fraudsters can put tremendous strain on a company’s logistics. While few would argue that fraud detection and prevention is a priority for businesses, the fact is most businesses lack the necessary resources to build and maintain such solutions. It is the industry’s responsibility, however, to keep up—and ideally get ahead—of these fraudsters in order to protect both themselves and consumers.

Technology adoption can have significant impact on fraud prevention
Share on X

The adoption of such technologies has indeed been shown to have a significant positive impact on fraud prevention. Take, for example, EMV—the technical standard for smart payment cards and terminals that have allowed the rollout of payment solutions, such as Chip and Pin and Contactless. In the UK, its implementation led to a dramatic reduction of 32% in the levels of overall card fraud in the seven years following their introduction in 2004, according to official figures from the UK Card Association.

Such measures have undoubtedly made fraud much more difficult to perpetrate in “card present” payment scenarios, yet the shift to online retail has brought with it an entirely new set of challenges relating to fraud prevention and mitigation. There is no getting away from the fact that individual shopping habits have fundamentally changed over the past decade, and that the shift towards online and mobile shopping is not going to be reversed. PricewaterhouseCoopers’ (PwC) Total Retail 2016 Survey found that the popularity of mobile shopping continues to rise, stating that “46% of our global sample buys products via mobile at least a few times a year, compared to 40% last year”.

Chargebacks happen when customers dispute a transaction and request a refund
Share on X

While this might be good news for consumers in terms of better prices, more choice, and added convenience, it leaves the bulk of “card-not-present” transactions—which are the norm in online shopping and vulnerable to problems such as chargebacks. These chargebacks happen when customers dispute a transaction in their statement and request a refund—often going directly to their card issuer or bank and bypassing the merchant altogether.

Gross card fraud losses for 2015 reached $21.84 Billion
Share on X

According to The Nilson Report, gross card fraud losses for 2015 reached $21.84 Billion, not including the costs incurred by issuers, merchants, and acquirers for their operations, call centres, and chargeback management. By 2020, the report concludes, card fraud worldwide is expected to reach $31.67 billion, and that measures such as improving methods of reducing fraud on card-not-present transactions are critical to keeping those losses in check.

This is a complex issue, since there are many factors which can trigger a chargeback in the first place, and a blunt approach can cause a merchant more harm than good. One of these factors is known as “buyer’s remorse”—where a customer finds a product at a cheaper price elsewhere and uses the system as an alternative returns and refund mechanism. This is one of the forms that so-called “friendly fraud” takes. Another common scenario is where a person requesting the refund is not entirely sure they haven’t made the transaction, but will “try their luck” anyway. Since the cost of investigating such claims is often much higher than the value of the refund itself, banks will mostly opt to issue the refund without dispute, and some customers have learned to take advantage of this to manipulate the system. According to industry research firm Aite Group in their Impact Note of August 2016, 60% to 70% of chargebacks are the result of first-party or friendly fraud.

There are many ways for businesses to make themselves less vulnerable to chargebacks
Share on X

Business can minimise vulnerability to chargebacks in various ways. These include ensuring that they build a good relationship with their customers, by providing accurate product information and keeping the lines of communication open, so customers are more inclined to approach merchants with queries than to go directly to the issuing banks to initiate a dispute. Having a clear and efficient refunds policy also minimises the chance of experiencing so-called buyer’s remorse, where a customer is tempted to use chargebacks as a backup refund mechanism. However, many customers still get confused when seeing an unfamiliar name appear on their statement, as often merchants will be listed under names which differ significantly from their brand or trade name.

“When a customer sees a charge they don’t immediately recognise on their card, they often ask the bank to remove that charge from their statement”, explains Matthew Katz, CEO of Verifi, a provider of end-to-end payment protection and management solutions. “This is done by calling the bank directly to raise a dispute, leaving out the merchant who could potentially provide further information to clarify what the charge relates to. In fact, our research has found that up to 86% of cardholders bypass the merchant and contact their issuing bank directly to dispute or question a charge on their bill”.

While banks generally issue a refund to the customers, the process often has a very negative impact on overall customer experience, causing confusion and lingering trust issues which can lead to future sales being lost. This has an added impact on the merchant’s bottom line, on top of the fees, fines, and operational expenses of handling the chargeback in the first place.

Chargeback costs can quickly snowball
Share on X

These costs quickly snowball, ranging from administrative resources needed to investigate claims and process refunds, to fielding customer queries and potential loss of legitimate sales, present and future. Add this to the operational expense of preparing and shipping merchandise, as well as the value of the goods themselves which often must be written off, and the cost for merchants quickly adds up. Ultimately, this is also very bad news for consumers, as these costs will eventually trickle down the supply chain and translate into higher prices. The true price of these chargebacks is not reflected in the refund amounts alone, significant as these may be. In their September 2015 report, The Impact of Fraud and Chargeback Management on Operations, Javelin Research found that organizations typically spent between 13% and 20% of their operational budget on fraud and chargeback management.

“Globally, chargebacks continue to grow and represent a significant challenge”, agrees Katz, “To address this problem, we need solutions that better align the interests of cardholders, merchants, and issuing banks on a global scale, focusing on continual innovation and refinements that are essential to effectively combat this problem”, he believes.

This is what Cardholder Dispute Resolution Network (CDRN) does, according to Katz. Verifi’s solution—which covers approximately 50% of the US market and boasts a 90% resolution rate—was named for the fifth year in a row as “Best Chargeback Management Program” by CNP Expo. It is now continuing to expand in international markets such as the United Kingdom, Verifi having opened an office in London in 2016, and now announcing a key strategic partnership with payments processor MegaCharge.

Verifi handles over 200,000 individual chargebacks each month
Share on X

One of the problems that CDRN addresses, according to Katz, is the fact that by the time merchants learn of the issue, it’s often too late to stop the chargeback. “Our patented closed-loop technology integrates directly with the top issuing banks. This pauses the chargeback process for up to 72 hours and redirects cardholder disputes from the bank to the merchant in near real-time. The merchant will have more time to assess and resolve the dispute before it ever becomes a chargeback. To date, we are supporting more than 25,000 accounts globally and handling over 200,000 individual chargebacks each month—amounting to an estimated $195 million in chargebacks prevented.

“The problem of chargebacks and friendly fraud are not only impacting businesses’ bottom line, but hindering future growth and jeopardizing customer retention, trust, and satisfaction rates. For merchants to strengthen their risk management and counter friendly fraud, the ideal line of defense would permit merchants to provide insights into the cardholder’s order as shopping cart-level data. This would feature merchant details and even the device used to make the purchase through the financial institution’s platform—all at the time the dispute arises. This deeper level of data can help cardholders better understand their purchases and avoid filing false cases of fraud that result in lost sales, higher labour costs and more”, Katz concludes.

Since the bulk of consumer purchases will be made online, it stands to reason that to tackle online fraud we must leverage data and technology in increasingly sophisticated ways. As the recent reports on the growing scale of this global problem show, gone are the days when the tools to do so could be considered an optional extra. They have, quite simply, become business essentials for every merchant looking to conduct business in the digital age.

This article initially appeared on World Commerce Review

Alice Bonasio is a VR Consultant and Tech Trends’ Editor in Chief. She also regularly writes for Fast Company, Ars Technica, Quartz, Wired and others. Connect with her on LinkedIn and follow @alicebonasio and @techtrends_tech on Twitter.

The post Can Technology Prevent Online Fraud? appeared first on Tech Trends.